# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 05.08.2022 10:52:19.863 Process: id = "1" image_name = "de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe" page_root = "0x39fae000" os_pid = "0xbec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7b4" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 117 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 118 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 119 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 120 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 121 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 122 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 123 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 124 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 125 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 126 start_va = 0x400000 end_va = 0x439fff monitored = 1 entry_point = 0x4355ae region_type = mapped_file name = "de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe") Region: id = 127 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 128 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 129 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 130 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 131 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 132 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 271 start_va = 0x440000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 272 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 273 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 274 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 275 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 276 start_va = 0x4f0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 277 start_va = 0x6f550000 end_va = 0x6f5a8fff monitored = 1 entry_point = 0x6f560780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 278 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 280 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 281 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 282 start_va = 0x4f0000 end_va = 0x5adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 283 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 284 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 285 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 286 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 287 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 288 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 289 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 290 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 291 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 292 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 293 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 294 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 295 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 296 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 297 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 298 start_va = 0x9a0000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 299 start_va = 0x6f8a0000 end_va = 0x6f91cfff monitored = 1 entry_point = 0x6f8b0db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 300 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 301 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 302 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 303 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 304 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 305 start_va = 0x9a0000 end_va = 0xb27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 306 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 307 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 308 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 309 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 310 start_va = 0xba0000 end_va = 0xd20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 311 start_va = 0xd30000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 312 start_va = 0x480000 end_va = 0x4b7fff monitored = 1 entry_point = 0x4b55ae region_type = mapped_file name = "de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de373cb42386f956133546049fa24b0ec459a78c7e667c9d05c366c198b680b3.exe") Region: id = 313 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 314 start_va = 0x6f890000 end_va = 0x6f897fff monitored = 0 entry_point = 0x6f8917b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 315 start_va = 0x6ee60000 end_va = 0x6f540fff monitored = 1 entry_point = 0x6ee8cd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 316 start_va = 0x6ed60000 end_va = 0x6ee54fff monitored = 0 entry_point = 0x6edb4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 317 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 318 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 319 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 320 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 321 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 322 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 323 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 324 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 325 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 326 start_va = 0x2130000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 327 start_va = 0x7a0000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 328 start_va = 0x890000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 329 start_va = 0x5c0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 330 start_va = 0x2130000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 331 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 332 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 333 start_va = 0x2300000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 334 start_va = 0x600000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 335 start_va = 0x7a0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 336 start_va = 0x880000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 337 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 338 start_va = 0x4400000 end_va = 0x4736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 339 start_va = 0x6d400000 end_va = 0x6e6b1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 340 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 341 start_va = 0x7e0000 end_va = 0x870fff monitored = 0 entry_point = 0x818cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 342 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 343 start_va = 0x6f720000 end_va = 0x6f79ffff monitored = 1 entry_point = 0x6f721180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 344 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 345 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 346 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 347 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 348 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 349 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 350 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 351 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 352 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 353 start_va = 0x810000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 354 start_va = 0x4740000 end_va = 0x483ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 355 start_va = 0x4840000 end_va = 0x583ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 356 start_va = 0x5840000 end_va = 0x596ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005840000" filename = "" Region: id = 357 start_va = 0x5970000 end_va = 0x696ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 358 start_va = 0x6970000 end_va = 0x6bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006970000" filename = "" Region: id = 359 start_va = 0x6bc0000 end_va = 0x6d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006bc0000" filename = "" Region: id = 360 start_va = 0x2230000 end_va = 0x2291fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 361 start_va = 0x6ca30000 end_va = 0x6d3fbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 362 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 363 start_va = 0x860000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 364 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 365 start_va = 0x850000 end_va = 0x877fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 366 start_va = 0x71200000 end_va = 0x71212fff monitored = 0 entry_point = 0x71209950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 367 start_va = 0x70230000 end_va = 0x7025efff monitored = 0 entry_point = 0x702495e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 368 start_va = 0x71540000 end_va = 0x7155afff monitored = 0 entry_point = 0x71549050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 369 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 370 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 371 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 372 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 373 start_va = 0xb40000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 374 start_va = 0xb50000 end_va = 0xb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 375 start_va = 0xb60000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 376 start_va = 0xb70000 end_va = 0xb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 377 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 378 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 379 start_va = 0xb30000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 380 start_va = 0x6bc0000 end_va = 0x6cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006bc0000" filename = "" Region: id = 381 start_va = 0x6d20000 end_va = 0x6d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d20000" filename = "" Region: id = 382 start_va = 0x6d30000 end_va = 0x6df3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d30000" filename = "" Region: id = 383 start_va = 0x6d30000 end_va = 0x6e54fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d30000" filename = "" Region: id = 384 start_va = 0x6d30000 end_va = 0x6e58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d30000" filename = "" Thread: id = 1 os_tid = 0xc04 [0097.747] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0097.778] RoInitialize () returned 0x1 [0097.779] RoUninitialize () returned 0x0 [0100.161] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x27e00, lpName=0x0) returned 0x27c [0100.162] memcpy (in: _Dst=0x850000, _Src=0x3b63150, _Size=0x27e00 | out: _Dst=0x850000) returned 0x850000 [0100.164] CloseHandle (hObject=0x27c) returned 1 [0101.545] CoTaskMemAlloc (cb=0xd) returned 0x6f1490 [0101.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2374988, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.546] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.546] CoTaskMemFree (pv=0x6f1490) [0101.555] CoTaskMemAlloc (cb=0x11) returned 0x6e2110 [0101.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x23749c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12 [0101.555] GetProcAddress (hModule=0x76720000, lpProcName="ResumeThread") returned 0x7673a800 [0101.555] CoTaskMemFree (pv=0x6e2110) [0101.563] CoTaskMemAlloc (cb=0xd) returned 0x6f1340 [0101.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2374ab4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.563] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.563] CoTaskMemFree (pv=0x6f1340) [0101.563] CoTaskMemAlloc (cb=0x1a) returned 0x6fdf70 [0101.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x2374aec, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0101.563] GetProcAddress (hModule=0x76720000, lpProcName="Wow64SetThreadContext") returned 0x76763e60 [0101.563] CoTaskMemFree (pv=0x6fdf70) [0101.582] CoTaskMemAlloc (cb=0xd) returned 0x6f1418 [0101.582] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2374bd4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.582] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.582] CoTaskMemFree (pv=0x6f1418) [0101.582] CoTaskMemAlloc (cb=0x15) returned 0x6e1fb0 [0101.582] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x2374c0c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0101.582] GetProcAddress (hModule=0x76720000, lpProcName="SetThreadContext") returned 0x76762490 [0101.582] CoTaskMemFree (pv=0x6e1fb0) [0101.584] CoTaskMemAlloc (cb=0xd) returned 0x6f14f0 [0101.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2374cf0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.584] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.584] CoTaskMemFree (pv=0x6f14f0) [0101.584] CoTaskMemAlloc (cb=0x1a) returned 0x6fe218 [0101.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x2374d28, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0101.585] GetProcAddress (hModule=0x76720000, lpProcName="Wow64GetThreadContext") returned 0x76763e30 [0101.585] CoTaskMemFree (pv=0x6fe218) [0101.586] CoTaskMemAlloc (cb=0xd) returned 0x6f14f0 [0101.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2374e10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.586] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.587] CoTaskMemFree (pv=0x6f14f0) [0101.587] CoTaskMemAlloc (cb=0x15) returned 0x6e2030 [0101.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x2374e48, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0101.587] GetProcAddress (hModule=0x76720000, lpProcName="GetThreadContext") returned 0x7673ec60 [0101.587] CoTaskMemFree (pv=0x6e2030) [0101.588] CoTaskMemAlloc (cb=0xd) returned 0x6f1460 [0101.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2374f20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.588] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.588] CoTaskMemFree (pv=0x6f1460) [0101.589] CoTaskMemAlloc (cb=0x13) returned 0x6e1f70 [0101.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x2374f58, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0101.589] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAllocEx") returned 0x76762730 [0101.589] CoTaskMemFree (pv=0x6e1f70) [0101.596] CoTaskMemAlloc (cb=0xd) returned 0x6f1538 [0101.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2375030, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.597] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.597] CoTaskMemFree (pv=0x6f1538) [0101.597] CoTaskMemAlloc (cb=0x17) returned 0x6e1fb0 [0101.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x2375068, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0101.597] GetProcAddress (hModule=0x76720000, lpProcName="WriteProcessMemory") returned 0x76762850 [0101.597] CoTaskMemFree (pv=0x6e1fb0) [0101.606] CoTaskMemAlloc (cb=0xd) returned 0x6f1580 [0101.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2375148, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.606] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.606] CoTaskMemFree (pv=0x6f1580) [0101.606] CoTaskMemAlloc (cb=0x16) returned 0x6e1f70 [0101.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x2375180, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17 [0101.607] GetProcAddress (hModule=0x76720000, lpProcName="ReadProcessMemory") returned 0x76761c80 [0101.607] CoTaskMemFree (pv=0x6e1f70) [0101.615] CoTaskMemAlloc (cb=0xa) returned 0x6f1580 [0101.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x237525c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5 [0101.615] LoadLibraryA (lpLibFileName="ntdll") returned 0x771d0000 [0101.615] CoTaskMemFree (pv=0x6f1580) [0101.615] CoTaskMemAlloc (cb=0x19) returned 0x6fe178 [0101.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x2375288, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20 [0101.615] GetProcAddress (hModule=0x771d0000, lpProcName="ZwUnmapViewOfSection") returned 0x77246f40 [0101.615] CoTaskMemFree (pv=0x6fe178) [0101.623] CoTaskMemAlloc (cb=0xd) returned 0x6f1370 [0101.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x237536c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0101.623] LoadLibraryA (lpLibFileName="kernel32") returned 0x76720000 [0101.623] CoTaskMemFree (pv=0x6f1370) [0101.623] CoTaskMemAlloc (cb=0x13) returned 0x6e2030 [0101.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x23753a4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14 [0101.623] GetProcAddress (hModule=0x76720000, lpProcName="CreateProcessA") returned 0x76760750 [0101.624] CoTaskMemFree (pv=0x6e2030) [0126.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19da58 | out: phkResult=0x19da58*=0x0) returned 0x2 [0126.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19ead4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0126.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", cchWideChar=56, lpMultiByteStr=0x19ef3c, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exeþ\x8e~", lpUsedDefaultChar=0x0) returned 56 [0126.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x19ef38, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="l\x8f~", lpUsedDefaultChar=0x0) returned 0 [0126.982] CreateProcessA (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19efd4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f4a0 | out: lpCommandLine="", lpProcessInformation=0x19f4a0*(hProcess=0x254, hThread=0x214, dwProcessId=0xa5c, dwThreadId=0x1060)) returned 1 [0127.229] CoTaskMemFree (pv=0x0) [0127.237] GetThreadContext (in: hThread=0x214, lpContext=0x23815dc | out: lpContext=0x23815dc*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2d6000, Edx=0x0, Ecx=0x0, Eax=0xce46c0, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0127.238] ReadProcessMemory (in: hProcess=0x254, lpBaseAddress=0x2d6008, lpBuffer=0x19f490, nSize=0x4, lpNumberOfBytesRead=0x19f4d4 | out: lpBuffer=0x19f490*, lpNumberOfBytesRead=0x19f4d4*=0x4) returned 1 [0127.238] VirtualAllocEx (hProcess=0x254, lpAddress=0x400000, dwSize=0x3a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0127.240] WriteProcessMemory (in: hProcess=0x254, lpBaseAddress=0x400000, lpBuffer=0x424b768*, nSize=0x200, lpNumberOfBytesWritten=0x19f4d4 | out: lpBuffer=0x424b768*, lpNumberOfBytesWritten=0x19f4d4*=0x200) returned 1 [0127.247] WriteProcessMemory (in: hProcess=0x254, lpBaseAddress=0x402000, lpBuffer=0x427f988*, nSize=0x33800, lpNumberOfBytesWritten=0x19f4d4 | out: lpBuffer=0x427f988*, lpNumberOfBytesWritten=0x19f4d4*=0x33800) returned 1 [0127.265] WriteProcessMemory (in: hProcess=0x254, lpBaseAddress=0x436000, lpBuffer=0x23818b4*, nSize=0x600, lpNumberOfBytesWritten=0x19f4d4 | out: lpBuffer=0x23818b4*, lpNumberOfBytesWritten=0x19f4d4*=0x600) returned 1 [0127.272] WriteProcessMemory (in: hProcess=0x254, lpBaseAddress=0x438000, lpBuffer=0x2381ec0*, nSize=0x200, lpNumberOfBytesWritten=0x19f4d4 | out: lpBuffer=0x2381ec0*, lpNumberOfBytesWritten=0x19f4d4*=0x200) returned 1 [0127.282] WriteProcessMemory (in: hProcess=0x254, lpBaseAddress=0x2d6008, lpBuffer=0x23820cc*, nSize=0x4, lpNumberOfBytesWritten=0x19f4d4 | out: lpBuffer=0x23820cc*, lpNumberOfBytesWritten=0x19f4d4*=0x4) returned 1 [0127.285] SetThreadContext (hThread=0x214, lpContext=0x23815dc*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2d6000, Edx=0x0, Ecx=0x0, Eax=0x4357de, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0127.286] ResumeThread (hThread=0x214) returned 0x1 [0127.321] CoGetContextToken (in: pToken=0x19fdc0 | out: pToken=0x19fdc0) returned 0x0 [0127.321] CObjectContext::QueryInterface () returned 0x0 [0127.322] CObjectContext::GetCurrentThreadType () returned 0x0 [0127.322] Release () returned 0x0 [0127.323] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0127.323] CObjectContext::QueryInterface () returned 0x0 [0127.323] CObjectContext::GetCurrentThreadType () returned 0x0 [0127.323] Release () returned 0x0 [0127.323] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0127.324] CObjectContext::QueryInterface () returned 0x0 [0127.324] CObjectContext::GetCurrentThreadType () returned 0x0 [0127.324] Release () returned 0x0 [0127.368] CoGetContextToken (in: pToken=0x19fadc | out: pToken=0x19fadc) returned 0x0 [0127.368] CObjectContext::QueryInterface () returned 0x0 [0127.368] CObjectContext::GetCurrentThreadType () returned 0x0 [0127.368] Release () returned 0x0 [0127.369] CoGetContextToken (in: pToken=0x19faf4 | out: pToken=0x19faf4) returned 0x0 [0127.369] CObjectContext::QueryInterface () returned 0x0 [0127.369] CObjectContext::GetCurrentThreadType () returned 0x0 [0127.369] Release () returned 0x0 [0127.371] CoUninitialize () Thread: id = 2 os_tid = 0xc40 Thread: id = 3 os_tid = 0xce4 Thread: id = 4 os_tid = 0xcdc [0097.783] CoGetContextToken (in: pToken=0x43ffc74 | out: pToken=0x43ffc74) returned 0x0 [0097.784] CObjectContext::QueryInterface () returned 0x0 [0097.784] CObjectContext::GetCurrentThreadType () returned 0x0 [0097.784] Release () returned 0x0 [0097.784] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0097.784] RoInitialize () returned 0x1 [0097.784] RoUninitialize () returned 0x0 [0127.365] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 5 os_tid = 0xccc [0118.762] CoGetContextToken (in: pToken=0x483fd0c | out: pToken=0x483fd0c) returned 0x0 [0118.764] CObjectContext::QueryInterface () returned 0x0 [0118.764] CObjectContext::GetCurrentThreadType () returned 0x0 [0118.764] Release () returned 0x0 Thread: id = 6 os_tid = 0x10c8 Thread: id = 7 os_tid = 0x10bc Process: id = "2" image_name = "cvtres.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe" page_root = "0x70d4f000" os_pid = "0xa5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbec" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 385 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 386 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 387 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 388 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 389 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 390 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 391 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 392 start_va = 0xce0000 end_va = 0xce9fff monitored = 0 entry_point = 0xce46c0 region_type = mapped_file name = "cvtres.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe") Region: id = 393 start_va = 0xcf0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 394 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 395 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 396 start_va = 0xfffb0000 end_va = 0xfffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 397 start_va = 0xfffe0000 end_va = 0x7dfa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 398 start_va = 0x7dfa16770000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfa16770000" filename = "" Region: id = 399 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 400 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 401 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 402 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 403 start_va = 0x400000 end_va = 0x439fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 404 start_va = 0x440000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 405 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 406 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 407 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 408 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 409 start_va = 0x490000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 410 start_va = 0x6f550000 end_va = 0x6f5a8fff monitored = 1 entry_point = 0x6f560780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 411 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 412 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 413 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 414 start_va = 0xffeb0000 end_va = 0xfffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ffeb0000" filename = "" Region: id = 415 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 416 start_va = 0x490000 end_va = 0x54dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 417 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 418 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 419 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 420 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 421 start_va = 0x30000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 422 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 423 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 424 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 425 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 426 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 427 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 428 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 429 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 430 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 431 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 432 start_va = 0x7a0000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 433 start_va = 0x6f8a0000 end_va = 0x6f91cfff monitored = 1 entry_point = 0x6f8b0db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 434 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 435 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 436 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 437 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 438 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 439 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 440 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 441 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 442 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 443 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 444 start_va = 0x4cf0000 end_va = 0x60effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cf0000" filename = "" Region: id = 445 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 446 start_va = 0x6f890000 end_va = 0x6f897fff monitored = 0 entry_point = 0x6f8917b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 447 start_va = 0x6ee60000 end_va = 0x6f540fff monitored = 1 entry_point = 0x6ee8cd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 448 start_va = 0x6ed60000 end_va = 0x6ee54fff monitored = 0 entry_point = 0x6edb4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 449 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 450 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 451 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 452 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 453 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 454 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 455 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 456 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 457 start_va = 0x7b0000 end_va = 0x7b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 458 start_va = 0x7c0000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 459 start_va = 0x7d0000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 460 start_va = 0x60f0000 end_va = 0x62effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060f0000" filename = "" Region: id = 461 start_va = 0x7d0000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 462 start_va = 0x840000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 463 start_va = 0x60f0000 end_va = 0x61effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060f0000" filename = "" Region: id = 464 start_va = 0x62e0000 end_va = 0x62effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062e0000" filename = "" Region: id = 465 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 466 start_va = 0x62f0000 end_va = 0x82effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062f0000" filename = "" Region: id = 467 start_va = 0x850000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 468 start_va = 0xc50000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 469 start_va = 0x82f0000 end_va = 0x83effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082f0000" filename = "" Region: id = 470 start_va = 0x83f0000 end_va = 0x8726fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 471 start_va = 0x6d400000 end_va = 0x6e6b1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 472 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 473 start_va = 0x61f0000 end_va = 0x6280fff monitored = 0 entry_point = 0x6228cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 474 start_va = 0x73dd0000 end_va = 0x73e44fff monitored = 0 entry_point = 0x73e09a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 475 start_va = 0x61f0000 end_va = 0x62bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061f0000" filename = "" Region: id = 476 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 477 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 478 start_va = 0x6f810000 end_va = 0x6f88ffff monitored = 1 entry_point = 0x6f811180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 479 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 480 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 481 start_va = 0x6ca30000 end_va = 0x6d3fbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 482 start_va = 0x6f680000 end_va = 0x6f80efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll") Region: id = 483 start_va = 0x6bdc0000 end_va = 0x6ca26fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll") Region: id = 484 start_va = 0x6b690000 end_va = 0x6bdb0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll") Region: id = 485 start_va = 0x6ec60000 end_va = 0x6ed50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll") Region: id = 486 start_va = 0x6af70000 end_va = 0x6b68dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll") Region: id = 487 start_va = 0x8730000 end_va = 0x889ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008730000" filename = "" Region: id = 488 start_va = 0x764d0000 end_va = 0x764d5fff monitored = 0 entry_point = 0x764d1460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 489 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9a6 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 490 start_va = 0x61f0000 end_va = 0x628bfff monitored = 1 entry_point = 0x627e9a6 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 491 start_va = 0x62b0000 end_va = 0x62bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062b0000" filename = "" Region: id = 492 start_va = 0x8730000 end_va = 0x882ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008730000" filename = "" Region: id = 493 start_va = 0x8890000 end_va = 0x889ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008890000" filename = "" Region: id = 494 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 495 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 496 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 497 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 498 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 499 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 500 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 501 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 502 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 503 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 504 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 505 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 506 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 507 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 508 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 509 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 510 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 511 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 512 start_va = 0x8f0000 end_va = 0x8f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 513 start_va = 0x71540000 end_va = 0x7155afff monitored = 0 entry_point = 0x71549050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 514 start_va = 0x71200000 end_va = 0x71212fff monitored = 0 entry_point = 0x71209950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 515 start_va = 0x70230000 end_va = 0x7025efff monitored = 0 entry_point = 0x702495e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 516 start_va = 0xc90000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 517 start_va = 0x8830000 end_va = 0x886ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008830000" filename = "" Region: id = 518 start_va = 0x88a0000 end_va = 0x899ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088a0000" filename = "" Region: id = 519 start_va = 0x89a0000 end_va = 0x8a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089a0000" filename = "" Region: id = 520 start_va = 0x8aa0000 end_va = 0x8adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008aa0000" filename = "" Region: id = 521 start_va = 0x8ae0000 end_va = 0x8bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ae0000" filename = "" Region: id = 522 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 523 start_va = 0x74340000 end_va = 0x743c3fff monitored = 0 entry_point = 0x74366220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 524 start_va = 0xcd0000 end_va = 0xcd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 525 start_va = 0x6f630000 end_va = 0x6f671fff monitored = 1 entry_point = 0x6f63f380 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 526 start_va = 0x6f5c0000 end_va = 0x6f626fff monitored = 0 entry_point = 0x6f5db610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 527 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 528 start_va = 0x6f930000 end_va = 0x6f93cfff monitored = 0 entry_point = 0x6f933520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 529 start_va = 0x6ec40000 end_va = 0x6ec5bfff monitored = 0 entry_point = 0x6ec4aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 885 start_va = 0x6ec20000 end_va = 0x6ec30fff monitored = 0 entry_point = 0x6ec28fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 886 start_va = 0x6eb60000 end_va = 0x6ec1efff monitored = 0 entry_point = 0x6eb91e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 887 start_va = 0x6ead0000 end_va = 0x6eb50fff monitored = 0 entry_point = 0x6eaeb260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 951 start_va = 0x6290000 end_va = 0x629efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 952 start_va = 0x8be0000 end_va = 0x8cbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 953 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 954 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 955 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 956 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 957 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 958 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 959 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 960 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 961 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 962 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 963 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 964 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 965 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 966 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 967 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 968 start_va = 0x62c0000 end_va = 0x62cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062c0000" filename = "" Region: id = 969 start_va = 0x62c0000 end_va = 0x62cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062c0000" filename = "" Region: id = 970 start_va = 0x62c0000 end_va = 0x62cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062c0000" filename = "" Region: id = 971 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 972 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 973 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 974 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 975 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 976 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 1066 start_va = 0x6eab0000 end_va = 0x6eac7fff monitored = 1 entry_point = 0x6eab55a6 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1067 start_va = 0x62a0000 end_va = 0x62affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 1068 start_va = 0x62c0000 end_va = 0x62d7fff monitored = 1 entry_point = 0x62c55a6 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1069 start_va = 0x8870000 end_va = 0x8887fff monitored = 1 entry_point = 0x88755a6 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1072 start_va = 0x8870000 end_va = 0x887ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008870000" filename = "" Region: id = 1073 start_va = 0x8880000 end_va = 0x888ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008880000" filename = "" Region: id = 1074 start_va = 0x8880000 end_va = 0x888ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008880000" filename = "" Region: id = 1075 start_va = 0x8880000 end_va = 0x888ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008880000" filename = "" Region: id = 1076 start_va = 0x8880000 end_va = 0x8884fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 1077 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1078 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1079 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1080 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1081 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1082 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1083 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1084 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1085 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1086 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1087 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1088 start_va = 0x8cc0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1089 start_va = 0x8cd0000 end_va = 0x8cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cd0000" filename = "" Region: id = 1090 start_va = 0x8cd0000 end_va = 0x8cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cd0000" filename = "" Region: id = 1091 start_va = 0x8cd0000 end_va = 0x8cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cd0000" filename = "" Region: id = 1092 start_va = 0x6e990000 end_va = 0x6eaacfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\98d3949f9ba1a384939805aa5e47e933\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\98d3949f9ba1a384939805aa5e47e933\\system.management.ni.dll") Region: id = 1093 start_va = 0x8cc0000 end_va = 0x8cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 1094 start_va = 0x8d00000 end_va = 0x8dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d00000" filename = "" Region: id = 1095 start_va = 0xffe60000 end_va = 0xffeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffe60000" filename = "" Region: id = 1096 start_va = 0xffe50000 end_va = 0xffe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffe50000" filename = "" Region: id = 1097 start_va = 0x8e00000 end_va = 0x8e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e00000" filename = "" Region: id = 1098 start_va = 0x8e40000 end_va = 0x8f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e40000" filename = "" Region: id = 1099 start_va = 0x6f920000 end_va = 0x6f92afff monitored = 1 entry_point = 0x6f9241f0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 1100 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1101 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1102 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1104 start_va = 0x8f40000 end_va = 0x8f44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008f40000" filename = "" Region: id = 1728 start_va = 0x8f40000 end_va = 0x8f42fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008f40000" filename = "" Region: id = 1729 start_va = 0x8f40000 end_va = 0x8f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1730 start_va = 0x8f80000 end_va = 0x907ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f80000" filename = "" Region: id = 1732 start_va = 0x8f40000 end_va = 0x8f52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008f40000" filename = "" Region: id = 1746 start_va = 0x8f40000 end_va = 0x8f42fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008f40000" filename = "" Region: id = 1747 start_va = 0x8f50000 end_va = 0x904ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f50000" filename = "" Region: id = 1748 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1749 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1750 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1751 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1752 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1753 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1754 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1755 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1756 start_va = 0x9050000 end_va = 0x908ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009050000" filename = "" Region: id = 1757 start_va = 0x9090000 end_va = 0x90cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009090000" filename = "" Region: id = 1758 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1759 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1760 start_va = 0x90d0000 end_va = 0x90dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090d0000" filename = "" Region: id = 1761 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1762 start_va = 0x90d0000 end_va = 0x90dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090d0000" filename = "" Region: id = 1763 start_va = 0x90e0000 end_va = 0x90effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090e0000" filename = "" Region: id = 1764 start_va = 0x90f0000 end_va = 0x90fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090f0000" filename = "" Region: id = 1765 start_va = 0x9100000 end_va = 0x910ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009100000" filename = "" Region: id = 1766 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1767 start_va = 0x90d0000 end_va = 0x910ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090d0000" filename = "" Region: id = 1768 start_va = 0x9110000 end_va = 0x920ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009110000" filename = "" Region: id = 1769 start_va = 0x9210000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1770 start_va = 0x9250000 end_va = 0x928ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009250000" filename = "" Region: id = 1771 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1772 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1773 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1774 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1775 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1776 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1777 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1778 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1779 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1780 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1781 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1782 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1783 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1784 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1785 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1786 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1787 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1788 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1789 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1790 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1791 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1792 start_va = 0x9290000 end_va = 0x929ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 1793 start_va = 0x92a0000 end_va = 0x92affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092a0000" filename = "" Region: id = 1794 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1795 start_va = 0x92c0000 end_va = 0x92cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092c0000" filename = "" Region: id = 1796 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1797 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1798 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1799 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1800 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1801 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1802 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1803 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1804 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1805 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1806 start_va = 0x8f40000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f40000" filename = "" Region: id = 1807 start_va = 0x6e890000 end_va = 0x6e953fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\754ca70e68140abcdb8476cff64c4169\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\754ca70e68140abcdb8476cff64c4169\\system.security.ni.dll") Region: id = 1808 start_va = 0x73f90000 end_va = 0x74107fff monitored = 0 entry_point = 0x73fe8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1809 start_va = 0x764c0000 end_va = 0x764cdfff monitored = 0 entry_point = 0x764c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1810 start_va = 0x6e6f0000 end_va = 0x6e6f7fff monitored = 0 entry_point = 0x6e6f1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1811 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1812 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1813 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1814 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1815 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1816 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1817 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1818 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1819 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1820 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1821 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1822 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1823 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1824 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1825 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1826 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1827 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1828 start_va = 0x9230000 end_va = 0x923ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009230000" filename = "" Region: id = 1829 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1830 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1831 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1832 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1833 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1834 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1835 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1836 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1837 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1838 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1839 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1840 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1841 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1842 start_va = 0x9230000 end_va = 0x923ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009230000" filename = "" Region: id = 1843 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1844 start_va = 0x9250000 end_va = 0x925ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009250000" filename = "" Region: id = 1845 start_va = 0x9260000 end_va = 0x926ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009260000" filename = "" Region: id = 1846 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1847 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1848 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1849 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1850 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1851 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1852 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1853 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1854 start_va = 0x9230000 end_va = 0x923ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009230000" filename = "" Region: id = 1855 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1856 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1857 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1858 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1859 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1860 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1861 start_va = 0x9210000 end_va = 0x921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1862 start_va = 0x6fed0000 end_va = 0x6ff09fff monitored = 0 entry_point = 0x6fee9be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 1863 start_va = 0x6fe00000 end_va = 0x6fec7fff monitored = 0 entry_point = 0x6fe6ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1864 start_va = 0x9210000 end_va = 0x9213fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 1865 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1866 start_va = 0x9230000 end_va = 0x923ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009230000" filename = "" Region: id = 1867 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1868 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1869 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1870 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1871 start_va = 0x9230000 end_va = 0x923ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009230000" filename = "" Region: id = 1872 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1873 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1874 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1875 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1876 start_va = 0x9220000 end_va = 0x922ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009220000" filename = "" Region: id = 1877 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1878 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1879 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1880 start_va = 0x9250000 end_va = 0x925ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009250000" filename = "" Region: id = 1881 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1882 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1883 start_va = 0x9250000 end_va = 0x925ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009250000" filename = "" Region: id = 1884 start_va = 0x9260000 end_va = 0x926ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009260000" filename = "" Region: id = 1885 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1886 start_va = 0x9240000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 1887 start_va = 0x9240000 end_va = 0x92a1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 1888 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1889 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1890 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1891 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1892 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1893 start_va = 0x92b0000 end_va = 0x92b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1894 start_va = 0x92b0000 end_va = 0x92b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1895 start_va = 0x92b0000 end_va = 0x92b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1896 start_va = 0x92b0000 end_va = 0x92b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1897 start_va = 0x92b0000 end_va = 0x92b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1898 start_va = 0x92b0000 end_va = 0x92b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1899 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1900 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1901 start_va = 0x92b0000 end_va = 0x92effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1902 start_va = 0x92f0000 end_va = 0x93effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092f0000" filename = "" Region: id = 1904 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1905 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1906 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1907 start_va = 0x92b0000 end_va = 0x92effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1908 start_va = 0x92f0000 end_va = 0x93effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092f0000" filename = "" Region: id = 1912 start_va = 0x92b0000 end_va = 0x92b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000092b0000" filename = "" Region: id = 1913 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1914 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1915 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1916 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1917 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1918 start_va = 0x92b0000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1919 start_va = 0x714f0000 end_va = 0x7151efff monitored = 0 entry_point = 0x714fbb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1920 start_va = 0x70a50000 end_va = 0x70ad3fff monitored = 0 entry_point = 0x70a76530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1921 start_va = 0x76900000 end_va = 0x76906fff monitored = 0 entry_point = 0x76901e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1922 start_va = 0x6e970000 end_va = 0x6e982fff monitored = 0 entry_point = 0x6e9725d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1923 start_va = 0x6e870000 end_va = 0x6e883fff monitored = 0 entry_point = 0x6e873c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1924 start_va = 0x713f0000 end_va = 0x713f7fff monitored = 0 entry_point = 0x713f1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1925 start_va = 0x92b0000 end_va = 0x92effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092b0000" filename = "" Region: id = 1926 start_va = 0x92f0000 end_va = 0x93effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092f0000" filename = "" Region: id = 1927 start_va = 0x71400000 end_va = 0x7144efff monitored = 0 entry_point = 0x7140d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1928 start_va = 0x6fa30000 end_va = 0x6fa37fff monitored = 0 entry_point = 0x6fa31920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1929 start_va = 0x6f9e0000 end_va = 0x6fa26fff monitored = 0 entry_point = 0x6f9f58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1930 start_va = 0x93f0000 end_va = 0x947efff monitored = 0 entry_point = 0x93fdd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1931 start_va = 0x6e7d0000 end_va = 0x6e861fff monitored = 0 entry_point = 0x6e7ddd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1932 start_va = 0x93f0000 end_va = 0x95cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093f0000" filename = "" Region: id = 1933 start_va = 0x93f0000 end_va = 0x93f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000093f0000" filename = "" Region: id = 1934 start_va = 0x95c0000 end_va = 0x95cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000095c0000" filename = "" Region: id = 1935 start_va = 0x93f0000 end_va = 0x94abfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000093f0000" filename = "" Region: id = 1936 start_va = 0x94b0000 end_va = 0x94b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000094b0000" filename = "" Region: id = 1937 start_va = 0x94c0000 end_va = 0x94c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000094c0000" filename = "" Region: id = 1938 start_va = 0x73db0000 end_va = 0x73dccfff monitored = 0 entry_point = 0x73db3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1940 start_va = 0x94d0000 end_va = 0x950ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000094d0000" filename = "" Region: id = 1941 start_va = 0x9510000 end_va = 0x954ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009510000" filename = "" Region: id = 1942 start_va = 0x9550000 end_va = 0x958ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009550000" filename = "" Region: id = 1943 start_va = 0x95d0000 end_va = 0x96cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000095d0000" filename = "" Region: id = 2084 start_va = 0x9110000 end_va = 0x914ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009110000" filename = "" Region: id = 2085 start_va = 0x9150000 end_va = 0x918ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009150000" filename = "" Region: id = 2086 start_va = 0x95d0000 end_va = 0x96cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000095d0000" filename = "" Region: id = 2095 start_va = 0x8e40000 end_va = 0x8e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e40000" filename = "" Region: id = 2097 start_va = 0x6a0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 2098 start_va = 0x8e80000 end_va = 0x8ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e80000" filename = "" Region: id = 2099 start_va = 0x90d0000 end_va = 0x91cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090d0000" filename = "" Thread: id = 8 os_tid = 0x1060 [0128.405] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0129.057] RoInitialize () returned 0x1 [0129.057] RoUninitialize () returned 0x0 [0130.597] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x230 [0130.598] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x234 [0130.676] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e604 | out: phkResult=0x19e604*=0x244) returned 0x0 [0130.678] RegQueryValueExW (in: hKey=0x244, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e624, lpData=0x0, lpcbData=0x19e620*=0x0 | out: lpType=0x19e624*=0x1, lpData=0x0, lpcbData=0x19e620*=0xe) returned 0x0 [0130.678] RegQueryValueExW (in: hKey=0x244, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e624, lpData=0x62f45fc, lpcbData=0x19e620*=0xe | out: lpType=0x19e624*=0x1, lpData="Client", lpcbData=0x19e620*=0xe) returned 0x0 [0130.682] RegCloseKey (hKey=0x244) returned 0x0 [0131.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", nBufferLength=0x105, lpBuffer=0x19dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", lpFilePart=0x0) returned 0x3f [0131.421] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19cec0 | out: phkResult=0x19cec0*=0x0) returned 0x2 [0131.945] GetCurrentProcess () returned 0xffffffff [0131.945] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e300 | out: TokenHandle=0x19e300*=0x244) returned 1 [0131.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19dd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0131.960] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0131.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.966] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e300 | out: lpFileInformation=0x19e300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0131.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e238) returned 1 [0131.970] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x248 [0131.970] GetFileType (hFile=0x248) returned 0x1 [0131.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e234) returned 1 [0131.970] GetFileType (hFile=0x248) returned 0x1 [0132.015] GetFileSize (in: hFile=0x248, lpFileSizeHigh=0x19e2f4 | out: lpFileSizeHigh=0x19e2f4*=0x0) returned 0x8c8f [0132.016] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2b0, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19e2b0*=0x1000, lpOverlapped=0x0) returned 1 [0132.043] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e160, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19e160*=0x1000, lpOverlapped=0x0) returned 1 [0132.045] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1 [0132.046] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1 [0132.046] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1 [0132.046] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df4c, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19df4c*=0x1000, lpOverlapped=0x0) returned 1 [0132.054] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0cc, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19e0cc*=0x1000, lpOverlapped=0x0) returned 1 [0132.057] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19dfdc*=0x1000, lpOverlapped=0x0) returned 1 [0132.057] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19dfdc*=0xc8f, lpOverlapped=0x0) returned 1 [0132.058] ReadFile (in: hFile=0x248, lpBuffer=0x62f8920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e09c, lpOverlapped=0x0 | out: lpBuffer=0x62f8920*, lpNumberOfBytesRead=0x19e09c*=0x0, lpOverlapped=0x0) returned 1 [0132.058] CloseHandle (hObject=0x248) returned 1 [0132.066] GetCurrentProcess () returned 0xffffffff [0132.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x248) returned 1 [0132.068] GetCurrentProcess () returned 0xffffffff [0132.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x24c) returned 1 [0132.071] GetCurrentProcess () returned 0xffffffff [0132.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e300 | out: TokenHandle=0x19e300*=0x250) returned 1 [0132.071] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ca8931, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ca8931, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ca8931, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0132.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", nBufferLength=0x105, lpBuffer=0x19dd64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", lpFilePart=0x0) returned 0x3f [0132.072] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e300 | out: lpFileInformation=0x19e300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ca8931, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ca8931, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ca8931, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0132.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", lpFilePart=0x0) returned 0x3f [0132.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e238) returned 1 [0132.072] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0132.072] GetFileType (hFile=0x254) returned 0x1 [0132.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e234) returned 1 [0132.072] GetFileType (hFile=0x254) returned 0x1 [0132.073] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x19e2f4 | out: lpFileSizeHigh=0x19e2f4*=0x0) returned 0x119 [0132.073] ReadFile (in: hFile=0x254, lpBuffer=0x6310e4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2b0, lpOverlapped=0x0 | out: lpBuffer=0x6310e4c*, lpNumberOfBytesRead=0x19e2b0*=0x119, lpOverlapped=0x0) returned 1 [0132.073] ReadFile (in: hFile=0x254, lpBuffer=0x6310e4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e188, lpOverlapped=0x0 | out: lpBuffer=0x6310e4c*, lpNumberOfBytesRead=0x19e188*=0x0, lpOverlapped=0x0) returned 1 [0132.074] CloseHandle (hObject=0x254) returned 1 [0132.074] GetCurrentProcess () returned 0xffffffff [0132.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x254) returned 1 [0132.075] GetCurrentProcess () returned 0xffffffff [0132.075] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x258) returned 1 [0132.110] GetCurrentProcess () returned 0xffffffff [0132.110] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2a4 | out: TokenHandle=0x19e2a4*=0x25c) returned 1 [0132.168] GetCurrentProcess () returned 0xffffffff [0132.168] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2b4 | out: TokenHandle=0x19e2b4*=0x260) returned 1 [0132.233] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3e8 | out: phkResult=0x19f3e8*=0x264) returned 0x0 [0132.234] RegQueryValueExW (in: hKey=0x264, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f404, lpData=0x0, lpcbData=0x19f400*=0x0 | out: lpType=0x19f404*=0x4, lpData=0x0, lpcbData=0x19f400*=0x4) returned 0x0 [0132.241] RegQueryValueExW (in: hKey=0x264, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f404, lpData=0x19f3f0, lpcbData=0x19f400*=0x4 | out: lpType=0x19f404*=0x4, lpData=0x19f3f0*=0x1, lpcbData=0x19f400*=0x4) returned 0x0 [0132.243] RegQueryValueExW (in: hKey=0x264, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f43c, lpData=0x0, lpcbData=0x19f438*=0x0 | out: lpType=0x19f43c*=0x4, lpData=0x0, lpcbData=0x19f438*=0x4) returned 0x0 [0132.249] RegCloseKey (hKey=0x264) returned 0x0 [0132.260] GetCurrentProcessId () returned 0xa5c [0132.267] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ec84 | out: lpLuid=0x19ec84*(LowPart=0x14, HighPart=0)) returned 1 [0132.270] GetCurrentProcess () returned 0xffffffff [0132.270] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ec80 | out: TokenHandle=0x19ec80*=0x26c) returned 1 [0132.270] AdjustTokenPrivileges (in: TokenHandle=0x26c, DisableAllPrivileges=0, NewState=0x631793c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0132.271] CloseHandle (hObject=0x26c) returned 1 [0132.275] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa5c) returned 0x26c [0132.349] EnumProcessModules (in: hProcess=0x26c, lphModule=0x6317980, cb=0x100, lpcbNeeded=0x19f3f0 | out: lphModule=0x6317980, lpcbNeeded=0x19f3f0) returned 1 [0132.353] GetModuleInformation (in: hProcess=0x26c, hModule=0x400000, lpmodinfo=0x6317ac0, cb=0xc | out: lpmodinfo=0x6317ac0*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1 [0132.356] CoTaskMemAlloc (cb=0x804) returned 0x613f08 [0132.357] GetModuleBaseNameW (in: hProcess=0x26c, hModule=0x400000, lpBaseName=0x613f08, nSize=0x800 | out: lpBaseName="cvtres.exe") returned 0xa [0132.358] CoTaskMemFree (pv=0x613f08) [0132.359] CoTaskMemAlloc (cb=0x804) returned 0x613f08 [0132.359] GetModuleFileNameExW (in: hProcess=0x26c, hModule=0x400000, lpFilename=0x613f08, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe")) returned 0x38 [0132.360] CoTaskMemFree (pv=0x613f08) [0132.360] CloseHandle (hObject=0x26c) returned 1 [0132.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", nBufferLength=0x105, lpBuffer=0x19eef8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", lpFilePart=0x0) returned 0x38 [0132.361] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3e8 | out: phkResult=0x19f3e8*=0x0) returned 0x2 [0132.392] EtwEventRegister (in: ProviderId=0x631bec4, EnableCallback=0x88905fe, CallbackContext=0x0, RegHandle=0x631bea0 | out: RegHandle=0x631bea0) returned 0x0 [0132.397] EtwEventSetInformation (RegHandle=0x5b0980, InformationClass=0x1c, EventInformation=0x2, InformationLength=0x631be54) returned 0x0 [0132.444] GetCurrentProcessId () returned 0xa5c [0132.444] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa5c) returned 0x270 [0132.444] EnumProcessModules (in: hProcess=0x270, lphModule=0x631d8a8, cb=0x100, lpcbNeeded=0x19f3f8 | out: lphModule=0x631d8a8, lpcbNeeded=0x19f3f8) returned 1 [0132.444] GetModuleInformation (in: hProcess=0x270, hModule=0x400000, lpmodinfo=0x631d9e8, cb=0xc | out: lpmodinfo=0x631d9e8*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1 [0132.445] CoTaskMemAlloc (cb=0x804) returned 0x613f08 [0132.445] GetModuleBaseNameW (in: hProcess=0x270, hModule=0x400000, lpBaseName=0x613f08, nSize=0x800 | out: lpBaseName="cvtres.exe") returned 0xa [0132.445] CoTaskMemFree (pv=0x613f08) [0132.445] CoTaskMemAlloc (cb=0x804) returned 0x613f08 [0132.445] GetModuleFileNameExW (in: hProcess=0x270, hModule=0x400000, lpFilename=0x613f08, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe")) returned 0x38 [0132.445] CoTaskMemFree (pv=0x613f08) [0132.445] CloseHandle (hObject=0x270) returned 1 [0132.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", nBufferLength=0x105, lpBuffer=0x19ef00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", lpFilePart=0x0) returned 0x38 [0132.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3f0 | out: phkResult=0x19f3f0*=0x0) returned 0x2 [0132.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3f0 | out: phkResult=0x19f3f0*=0x270) returned 0x0 [0132.446] RegQueryValueExW (in: hKey=0x270, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x19f40c, lpData=0x0, lpcbData=0x19f408*=0x0 | out: lpType=0x19f40c*=0x0, lpData=0x0, lpcbData=0x19f408*=0x0) returned 0x2 [0132.446] RegCloseKey (hKey=0x270) returned 0x0 [0132.718] GetCurrentProcessId () returned 0xa5c [0132.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x72f94d0, Length=0x20000, ResultLength=0x19f454 | out: SystemInformation=0x72f94d0, ResultLength=0x19f454*=0x15760) returned 0x0 [0132.771] GetCurrentProcessId () returned 0xa5c [0132.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x72f94d0, Length=0x20000, ResultLength=0x19f444 | out: SystemInformation=0x72f94d0, ResultLength=0x19f444*=0x15760) returned 0x0 [0139.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19edd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0139.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0139.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2e4) returned 1 [0139.864] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f360 | out: lpFileInformation=0x19f360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0139.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2e0) returned 1 [0140.107] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f23c | out: pfEnabled=0x19f23c) returned 0x0 [0140.380] CreateBindCtx (in: reserved=0x0, ppbc=0x19f420 | out: ppbc=0x19f420*=0x5f1e28) returned 0x0 [0140.381] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eed4 | out: ppvObject=0x19eed4*=0x5f1e28) returned 0x0 [0140.390] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee90 | out: ppvObject=0x19ee90*=0x0) returned 0x80004002 [0140.390] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecac | out: ppvObject=0x19ecac*=0x0) returned 0x80004002 [0140.390] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea84 | out: ppvObject=0x19ea84*=0x0) returned 0x80004002 [0140.391] IUnknown:AddRef (This=0x5f1e28) returned 0x3 [0140.391] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0140.391] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0140.391] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7a0 | out: ppvObject=0x19e7a0*=0x0) returned 0x80004002 [0140.392] CoGetContextToken (in: pToken=0x19e800 | out: pToken=0x19e800) returned 0x0 [0140.392] CObjectContext::QueryInterface () returned 0x0 [0140.393] CObjectContext::GetCurrentApartmentType () returned 0x0 [0140.393] Release () returned 0x0 [0140.394] CoGetObjectContext (in: riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x613ec4 | out: ppv=0x613ec4*=0x5dfa30) returned 0x0 [0140.431] CoGetContextToken (in: pToken=0x19ec08 | out: pToken=0x19ec08) returned 0x0 [0140.431] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec94 | out: ppvObject=0x19ec94*=0x0) returned 0x80004002 [0140.433] IUnknown:Release (This=0x5f1e28) returned 0x2 [0140.433] CoGetContextToken (in: pToken=0x19f1e8 | out: pToken=0x19f1e8) returned 0x0 [0140.435] CoGetContextToken (in: pToken=0x19f148 | out: pToken=0x19f148) returned 0x0 [0140.435] IUnknown:QueryInterface (in: This=0x5f1e28, riid=0x19f218*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f214 | out: ppvObject=0x19f214*=0x5f1e28) returned 0x0 [0140.435] IUnknown:AddRef (This=0x5f1e28) returned 0x4 [0140.435] IUnknown:Release (This=0x5f1e28) returned 0x3 [0140.435] IUnknown:Release (This=0x5f1e28) returned 0x2 [0140.437] CoGetContextToken (in: pToken=0x19f268 | out: pToken=0x19f268) returned 0x0 [0140.437] IUnknown:AddRef (This=0x5f1e28) returned 0x3 [0140.438] MkParseDisplayName (in: pbc=0x5f1e28, szUserName="WinMgmts:", pchEaten=0x19f454, ppmk=0x19f40c | out: pchEaten=0x19f454, ppmk=0x19f40c*=0x616a58) returned 0x0 [0141.907] malloc (_Size=0x80) returned 0x9230a0 [0141.908] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61e558 [0141.908] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0141.909] DllGetClassObject (in: rclsid=0x648b3c*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x762c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1f8 | out: ppv=0x19f1f8*=0x61e498) returned 0x0 [0141.909] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61e498 [0141.909] WinMGMTS:IClassFactory:CreateInstance (in: This=0x61e498, pUnkOuter=0x0, riid=0x74dc6800*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1a0 | out: ppvObject=0x19f1a0*=0x61ba88) returned 0x0 [0141.910] GetVersionExW (in: lpVersionInformation=0x19ef58*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19efb8, dwMinorVersion=0x7673234f, dwBuildNumber=0xc0150008, dwPlatformId=0x0, szCSDVersion="\㟟≶) | out: lpVersionInformation=0x19ef58*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x3, dwBuildNumber=0x2580, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0141.911] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19ef50 | out: phkResult=0x19ef50*=0x36c) returned 0x0 [0141.911] RegQueryValueExW (in: hKey=0x36c, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x19ef48, lpcbData=0x19ef54*=0x4 | out: lpType=0x0, lpData=0x19ef48*=0x3, lpcbData=0x19ef54*=0x4) returned 0x0 [0141.911] RegCloseKey (hKey=0x36c) returned 0x0 [0141.911] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649938 [0141.911] GetSystemDirectoryW (in: lpBuffer=0x649938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0141.911] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76600000 [0141.911] GetProcAddress (hModule=0x76600000, lpProcName="DuplicateTokenEx") returned 0x76620ad0 [0141.911] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0141.912] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x616ad0 [0141.912] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61ba88 [0141.912] WinMGMTS:IUnknown:Release (This=0x61e498) returned 0x0 [0141.912] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0141.912] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x61ba88, pbc=0x5f1e28, pszDisplayName="WinMgmts:", pchEaten=0x19f3b0, ppmkOut=0x19f3ac | out: pchEaten=0x19f3b0*=0x9, ppmkOut=0x19f3ac*=0x616a58) returned 0x0 [0141.912] ApiSetQueryApiSetPresence () returned 0x0 [0141.912] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0141.913] IBindCtx:GetObjectParam (in: This=0x5f1e28, pszKey=0x6f633e5c, ppunk=0x19f258 | out: ppunk=0x19f258*=0x0) returned 0x80004005 [0141.913] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b48d8 [0141.913] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0141.913] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f7f98 [0141.913] ResolveDelayLoadedAPI () returned 0x76330060 [0141.914] CoCreateInstance (in: rclsid=0x6f631c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f631c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5f7fb0 | out: ppv=0x5f7fb0*=0x61b9f8) returned 0x0 [0142.122] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f8548 [0142.122] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f3448 [0142.122] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b4918 [0142.122] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0142.123] GetCurrentThreadId () returned 0x1060 [0142.123] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0142.123] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0142.123] GetCurrentThreadId () returned 0x1060 [0142.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19f0cc | out: phkResult=0x19f0cc*=0x374) returned 0x0 [0142.125] RegQueryValueExW (in: hKey=0x374, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x19f0d0*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x19f0d0*=0x16) returned 0x0 [0142.125] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b45f8 [0142.125] RegQueryValueExW (in: hKey=0x374, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x5b45f8, lpcbData=0x19f0d0*=0x16 | out: lpType=0x0, lpData=0x5b45f8*=0x72, lpcbData=0x19f0d0*=0x16) returned 0x0 [0142.125] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5b4558 [0142.127] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.127] RegCloseKey (hKey=0x374) returned 0x0 [0142.128] CoCreateInstance (in: rclsid=0x6f6321a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f6321b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f104 | out: ppv=0x19f104*=0x5e9298) returned 0x0 [0142.477] SysStringLen (param_1=".") returned 0x1 [0142.477] WbemDefPath:IWbemPath:SetServer (This=0x5e9298, Name=".") returned 0x0 [0142.477] CoCreateInstance (in: rclsid=0x6f6321a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f6321b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0b0 | out: ppv=0x19f0b0*=0x61edc0) returned 0x0 [0142.477] CoCreateInstance (in: rclsid=0x6f6321a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f6321b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f04c | out: ppv=0x19f04c*=0x649938) returned 0x0 [0142.477] WbemDefPath:IWbemPath:SetText (This=0x649938, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0142.477] WbemDefPath:IUnknown:Release (This=0x649938) returned 0x0 [0142.477] SysStringLen (param_1="root\\cimv2") returned 0xa [0142.477] WbemDefPath:IWbemPath:SetText (This=0x61edc0, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0142.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x61edc0, puCount=0x19f0c8 | out: puCount=0x19f0c8*=0x2) returned 0x0 [0142.477] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x5e9298) returned 0x0 [0142.477] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x61edc0, uIndex=0x0, puNameBufLength=0x19f084*=0x0, pName=0x0 | out: puNameBufLength=0x19f084*=0x5, pName=0x0) returned 0x0 [0142.477] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649df0 [0142.478] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x61edc0, uIndex=0x0, puNameBufLength=0x19f084*=0x5, pName="" | out: puNameBufLength=0x19f084*=0x5, pName="root") returned 0x0 [0142.478] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.478] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x5e9298, uIndex=0x0, pszName="root") returned 0x0 [0142.478] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x61edc0, uIndex=0x1, puNameBufLength=0x19f084*=0x0, pName=0x0 | out: puNameBufLength=0x19f084*=0x6, pName=0x0) returned 0x0 [0142.478] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649dc0 [0142.478] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x61edc0, uIndex=0x1, puNameBufLength=0x19f084*=0x6, pName="" | out: puNameBufLength=0x19f084*=0x6, pName="cimv2") returned 0x0 [0142.478] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.478] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x5e9298, uIndex=0x1, pszName="cimv2") returned 0x0 [0142.478] WbemDefPath:IUnknown:Release (This=0x61edc0) returned 0x0 [0142.478] WbemDefPath:IWbemPath:GetText (in: This=0x5e9298, lFlags=4, puBuffLength=0x19f0cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f0cc*=0xf, pszText=0x0) returned 0x0 [0142.478] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x616af8 [0142.478] WbemDefPath:IWbemPath:GetText (in: This=0x5e9298, lFlags=4, puBuffLength=0x19f0cc*=0xf, pszText="\\RPC Control\\" | out: puBuffLength=0x19f0cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0142.478] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0142.478] WbemDefPath:IUnknown:Release (This=0x5e9298) returned 0x0 [0142.479] WbemLocator:IWbemLocator:ConnectServer (in: This=0x61b9f8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x19f14c | out: ppNamespace=0x19f14c*=0x5f0580) returned 0x0 [0146.110] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61edc0 [0146.110] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f3808 [0146.110] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x640328 [0146.110] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0580, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f13c | out: ppvObject=0x19f13c*=0x6163b4) returned 0x0 [0146.110] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6163b4, pProxy=0x5f0580, pAuthnSvc=0x19f118, pAuthzSvc=0x19f11c, pServerPrincName=0x0, pAuthnLevel=0x19f18c, pImpLevel=0x19f194, pAuthInfo=0x0, pCapabilites=0x19f120 | out: pAuthnSvc=0x19f118*=0xa, pAuthzSvc=0x19f11c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f18c*=0x6, pImpLevel=0x19f194*=0x2, pAuthInfo=0x0, pCapabilites=0x19f120*=0x1) returned 0x0 [0146.110] WbemLocator:IUnknown:Release (This=0x6163b4) returned 0x1 [0146.110] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.110] GetCurrentThreadId () returned 0x1060 [0146.111] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0580, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x6163b4) returned 0x0 [0146.111] WbemLocator:IClientSecurity:CopyProxy (in: This=0x6163b4, pProxy=0x5f0580, ppCopy=0x19f1d8 | out: ppCopy=0x19f1d8*=0x5f0670) returned 0x0 [0146.111] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0670, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f050 | out: ppvObject=0x19f050*=0x6163b4) returned 0x0 [0146.111] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6163b4, pProxy=0x5f0670, pAuthnSvc=0x19f080, pAuthzSvc=0x19f07c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19f080*=0xa, pAuthzSvc=0x19f07c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0146.111] WbemLocator:IUnknown:Release (This=0x6163b4) returned 0x3 [0146.111] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0670, riid=0x6f631f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f034 | out: ppvObject=0x19f034*=0x6163d8) returned 0x0 [0146.111] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0670, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x6163b4) returned 0x0 [0146.111] WbemLocator:IClientSecurity:SetBlanket (This=0x6163b4, pProxy=0x5f0670, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0146.112] WbemLocator:IUnknown:Release (This=0x6163b4) returned 0x4 [0146.112] WbemLocator:IUnknown:Release (This=0x6163d8) returned 0x3 [0146.112] WbemLocator:IUnknown:Release (This=0x6163b4) returned 0x2 [0146.112] WbemLocator:IUnknown:AddRef (This=0x5f0670) returned 0x3 [0146.112] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f3868 [0146.112] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649e18 [0146.113] WbemLocator:IUnknown:Release (This=0x5f0580) returned 0x2 [0146.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.113] GetCurrentThreadId () returned 0x1060 [0146.113] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.113] GetCurrentThreadId () returned 0x1060 [0146.113] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0670, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1dc | out: ppvObject=0x19f1dc*=0x6163b4) returned 0x0 [0146.113] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6163b4, pProxy=0x5f0670, pAuthnSvc=0x19f1c8, pAuthzSvc=0x19f1cc, pServerPrincName=0x0, pAuthnLevel=0x19f1d8, pImpLevel=0x19f1d4, pAuthInfo=0x0, pCapabilites=0x19f1d0 | out: pAuthnSvc=0x19f1c8*=0xa, pAuthzSvc=0x19f1cc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f1d8*=0x6, pImpLevel=0x19f1d4*=0x3, pAuthInfo=0x0, pCapabilites=0x19f1d0*=0x20) returned 0x0 [0146.114] WbemLocator:IUnknown:Release (This=0x6163b4) returned 0x2 [0146.114] ResolveDelayLoadedAPI () returned 0x74df2060 [0146.114] CreatePointerMoniker (in: punk=0x61edc0, ppmk=0x19f3ac | out: ppmk=0x19f3ac*=0x616a58) returned 0x0 [0146.114] IUnknown:AddRef (This=0x61edc0) returned 0x2 [0146.118] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0146.118] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0146.119] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0146.119] WbemLocator:IUnknown:Release (This=0x61b9f8) returned 0x0 [0146.119] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0146.119] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0146.121] WinMGMTS:IUnknown:Release (This=0x61ba88) returned 0x0 [0146.121] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0146.125] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eec8 | out: ppvObject=0x19eec8*=0x616a58) returned 0x0 [0146.125] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee84 | out: ppvObject=0x19ee84*=0x0) returned 0x80004002 [0146.125] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eca4 | out: ppvObject=0x19eca4*=0x0) returned 0x80004002 [0146.125] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea7c | out: ppvObject=0x19ea7c*=0x0) returned 0x80004002 [0146.125] IUnknown:AddRef (This=0x616a58) returned 0x3 [0146.126] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002 [0146.126] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e78c | out: ppvObject=0x19e78c*=0x0) returned 0x80004002 [0146.126] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e798 | out: ppvObject=0x19e798*=0x616a6c) returned 0x0 [0146.126] IMarshal:GetUnmarshalClass (in: This=0x616a6c, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7a0 | out: pCid=0x19e7a0*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0146.126] IUnknown:Release (This=0x616a6c) returned 0x3 [0146.126] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0 [0146.126] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0146.126] IUnknown:QueryInterface (in: This=0x616a58, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec8c | out: ppvObject=0x19ec8c*=0x0) returned 0x80004002 [0146.127] IUnknown:Release (This=0x616a58) returned 0x2 [0146.127] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0146.127] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0146.127] IUnknown:QueryInterface (in: This=0x616a58, riid=0x19f208*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x616a58) returned 0x0 [0146.127] IUnknown:AddRef (This=0x616a58) returned 0x4 [0146.127] IUnknown:Release (This=0x616a58) returned 0x3 [0146.127] IUnknown:Release (This=0x5f1e28) returned 0x2 [0146.127] IUnknown:Release (This=0x616a58) returned 0x2 [0146.134] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0146.134] IUnknown:AddRef (This=0x616a58) returned 0x3 [0146.134] BindMoniker (in: pmk=0x616a58, grfOpt=0x0, iidResult=0x6392720*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f410 | out: ppvResult=0x19f410*=0x61edc0) returned 0x0 [0146.135] IUnknown:QueryInterface (in: This=0x61edc0, riid=0x6392720*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f410 | out: ppvObject=0x19f410*=0x61edc0) returned 0x0 [0146.136] LoadRegTypeLib (in: rguid=0x6f632198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19ec64*=0x0 | out: pptlib=0x19ec64*=0x652230) returned 0x0 [0146.485] ITypeLib:GetTypeInfoOfGuid (in: This=0x652230, GUID=0x61ee04*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x61edec | out: ppTInfo=0x61edec*=0x653c84) returned 0x0 [0146.517] IUnknown:Release (This=0x652230) returned 0x1 [0146.545] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0 [0146.546] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0146.546] IUnknown:Release (This=0x616a58) returned 0x2 [0146.753] CoGetContextToken (in: pToken=0x19eee0 | out: pToken=0x19eee0) returned 0x0 [0146.753] LoadRegTypeLib (in: rguid=0x6f632198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eec8*=0x0 | out: pptlib=0x19eec8*=0x652230) returned 0x0 [0146.755] ITypeLib:GetTypeInfoOfGuid (in: This=0x652230, GUID=0x61edf4*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x61ede8 | out: ppTInfo=0x61ede8*=0x653cb0) returned 0x0 [0146.755] IUnknown:Release (This=0x652230) returned 0x2 [0146.755] IUnknown:AddRef (This=0x653cb0) returned 0x2 [0146.755] DispGetIDsOfNames (in: ptinfo=0x653cb0, rgszNames=0x19ef50*="InstancesOf", cNames=0x1, rgdispid=0x19ef40 | out: rgdispid=0x19ef40*=5) returned 0x0 [0146.757] IUnknown:Release (This=0x653cb0) returned 0x1 [0146.760] IUnknown:AddRef (This=0x653cb0) returned 0x2 [0146.761] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.761] GetCurrentThreadId () returned 0x1060 [0146.761] WbemLocator:IUnknown:AddRef (This=0x5f0670) returned 0x3 [0146.761] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.761] GetCurrentThreadId () returned 0x1060 [0146.762] IWbemServices:CreateInstanceEnum (in: This=0x5f0670, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x19e73c | out: ppEnum=0x19e73c*=0x64acc0) returned 0x0 [0146.769] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f3748 [0146.769] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f3568 [0146.769] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5f32c8 [0146.769] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649e38 [0146.769] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x640100 [0146.769] IUnknown:QueryInterface (in: This=0x64acc0, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e4 | out: ppvObject=0x19e5e4*=0x64acc4) returned 0x0 [0146.770] IClientSecurity:QueryBlanket (in: This=0x64acc4, pProxy=0x64acc0, pAuthnSvc=0x19e5d0, pAuthzSvc=0x19e5d8, pServerPrincName=0x0, pAuthnLevel=0x19e60c, pImpLevel=0x19e610, pAuthInfo=0x0, pCapabilites=0x19e5d4 | out: pAuthnSvc=0x19e5d0*=0xa, pAuthzSvc=0x19e5d8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e60c*=0x6, pImpLevel=0x19e610*=0x2, pAuthInfo=0x0, pCapabilites=0x19e5d4*=0x1) returned 0x0 [0146.770] IUnknown:Release (This=0x64acc4) returned 0x1 [0146.770] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.770] GetCurrentThreadId () returned 0x1060 [0146.770] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0670, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x6163b4) returned 0x0 [0146.770] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6163b4, pProxy=0x5f0670, pAuthnSvc=0x19e5bc, pAuthzSvc=0x19e5c0, pServerPrincName=0x0, pAuthnLevel=0x19e5cc, pImpLevel=0x19e5d0, pAuthInfo=0x0, pCapabilites=0x19e5c4 | out: pAuthnSvc=0x19e5bc*=0xa, pAuthzSvc=0x19e5c0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5cc*=0x6, pImpLevel=0x19e5d0*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5c4*=0x20) returned 0x0 [0146.771] WbemLocator:IUnknown:Release (This=0x6163b4) returned 0x3 [0146.771] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.771] GetCurrentThreadId () returned 0x1060 [0146.771] WbemLocator:IUnknown:QueryInterface (in: This=0x5f0670, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x6163b4) returned 0x0 [0146.771] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6163b4, pProxy=0x5f0670, pAuthnSvc=0x19e5bc, pAuthzSvc=0x19e5c0, pServerPrincName=0x0, pAuthnLevel=0x19e5d0, pImpLevel=0x19e5cc, pAuthInfo=0x0, pCapabilites=0x19e5c4 | out: pAuthnSvc=0x19e5bc*=0xa, pAuthzSvc=0x19e5c0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d0*=0x6, pImpLevel=0x19e5cc*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5c4*=0x20) returned 0x0 [0146.771] WbemLocator:IUnknown:Release (This=0x6163b4) returned 0x3 [0146.771] IUnknown:QueryInterface (in: This=0x64acc0, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x64acc4) returned 0x0 [0146.774] IClientSecurity:CopyProxy (in: This=0x64acc4, pProxy=0x64acc0, ppCopy=0x19e608 | out: ppCopy=0x19e608*=0x64be30) returned 0x0 [0146.774] IUnknown:QueryInterface (in: This=0x64be30, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e55c | out: ppvObject=0x19e55c*=0x64be34) returned 0x0 [0146.774] IClientSecurity:QueryBlanket (in: This=0x64be34, pProxy=0x64be30, pAuthnSvc=0x19e58c, pAuthzSvc=0x19e588, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e58c*=0xa, pAuthzSvc=0x19e588*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0146.774] IUnknown:Release (This=0x64be34) returned 0x3 [0146.775] IUnknown:QueryInterface (in: This=0x64be30, riid=0x6f631f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e540 | out: ppvObject=0x19e540*=0x6166d8) returned 0x0 [0146.775] IUnknown:QueryInterface (in: This=0x64be30, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x64be34) returned 0x0 [0146.775] IClientSecurity:SetBlanket (This=0x64be34, pProxy=0x64be30, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0146.840] IUnknown:Release (This=0x64be34) returned 0x4 [0146.840] WbemLocator:IUnknown:Release (This=0x6166d8) returned 0x3 [0146.840] IUnknown:Release (This=0x64acc4) returned 0x2 [0146.840] IUnknown:AddRef (This=0x64be30) returned 0x3 [0146.840] IUnknown:Release (This=0x64acc0) returned 0x2 [0146.840] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19e6f8 | out: pperrinfo=0x19e6f8*=0x0) returned 0x1 [0146.841] WbemLocator:IUnknown:Release (This=0x5f0670) returned 0x2 [0146.841] IUnknown:Release (This=0x653cb0) returned 0x1 [0146.842] LoadRegTypeLib (in: rguid=0x6f632198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19e724*=0x0 | out: pptlib=0x19e724*=0x652230) returned 0x0 [0146.843] ITypeLib:GetTypeInfoOfGuid (in: This=0x652230, GUID=0x5f3780*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5f3768 | out: ppTInfo=0x5f3768*=0x653db8) returned 0x0 [0146.843] IUnknown:Release (This=0x652230) returned 0x3 [0146.843] IUnknown:AddRef (This=0x653db8) returned 0x2 [0146.843] ITypeInfo:RemoteGetTypeAttr (in: This=0x653db8, ppTypeAttr=0x19e760, pDummy=0x3294c481 | out: ppTypeAttr=0x19e760, pDummy=0x3294c481) returned 0x0 [0146.883] ITypeInfo:LocalReleaseTypeAttr (This=0x653db8) returned 0x0 [0146.883] IUnknown:Release (This=0x653db8) returned 0x1 [0146.883] CoGetContextToken (in: pToken=0x19e2b8 | out: pToken=0x19e2b8) returned 0x0 [0146.883] CoGetContextToken (in: pToken=0x19e6c0 | out: pToken=0x19e6c0) returned 0x0 [0146.884] CoGetContextToken (in: pToken=0x19f2b0 | out: pToken=0x19f2b0) returned 0x0 [0146.884] CoGetContextToken (in: pToken=0x19f210 | out: pToken=0x19f210) returned 0x0 [0146.886] CoGetContextToken (in: pToken=0x19f228 | out: pToken=0x19f228) returned 0x0 [0146.887] LoadRegTypeLib (in: rguid=0x6f632198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x19f218*=0x0 | out: pptlib=0x19f218*=0x652230) returned 0x0 [0146.888] ITypeLib:GetTypeInfoOfGuid (in: This=0x652230, GUID=0x5f3770*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5f3764 | out: ppTInfo=0x5f3764*=0x653d60) returned 0x0 [0146.888] IUnknown:Release (This=0x652230) returned 0x4 [0146.888] IUnknown:AddRef (This=0x653d60) returned 0x2 [0146.888] ITypeInfo:LocalInvoke (This=0x653d60) returned 0x0 [0146.888] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0146.889] GetCurrentThreadId () returned 0x1060 [0146.889] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x64e178 [0146.889] IUnknown:Release (This=0x653d60) returned 0x1 [0146.889] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0148.058] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5e5bf0 [0148.059] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5e5c78 [0148.142] CoGetContextToken (in: pToken=0x19ef60 | out: pToken=0x19ef60) returned 0x0 [0148.158] CoGetContextToken (in: pToken=0x19ea60 | out: pToken=0x19ea60) returned 0x0 [0148.158] IUnknown:AddRef (This=0x653d60) returned 0x2 [0148.158] ITypeInfo:LocalInvoke (This=0x653d60) returned 0x0 [0148.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.158] GetCurrentThreadId () returned 0x1060 [0148.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.158] GetCurrentThreadId () returned 0x1060 [0148.158] IUnknown:AddRef (This=0x64be30) returned 0x3 [0148.158] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.158] GetCurrentThreadId () returned 0x1060 [0148.159] IEnumWbemClassObject:Clone (in: This=0x64be30, ppEnum=0x19ea90 | out: ppEnum=0x19ea90*=0x65b568) returned 0x0 [0148.161] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x619ef8 [0148.161] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61a438 [0148.161] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x619b98 [0148.161] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649bd8 [0148.161] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6403e0 [0148.161] IUnknown:QueryInterface (in: This=0x65b568, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x65b56c) returned 0x0 [0148.161] IClientSecurity:QueryBlanket (in: This=0x65b56c, pProxy=0x65b568, pAuthnSvc=0x19e928, pAuthzSvc=0x19e930, pServerPrincName=0x0, pAuthnLevel=0x19e964, pImpLevel=0x19e968, pAuthInfo=0x0, pCapabilites=0x19e92c | out: pAuthnSvc=0x19e928*=0xa, pAuthzSvc=0x19e930*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e964*=0x6, pImpLevel=0x19e968*=0x2, pAuthInfo=0x0, pCapabilites=0x19e92c*=0x1) returned 0x0 [0148.161] IUnknown:Release (This=0x65b56c) returned 0x1 [0148.161] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.162] GetCurrentThreadId () returned 0x1060 [0148.162] IUnknown:QueryInterface (in: This=0x64be30, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x64be34) returned 0x0 [0148.162] IClientSecurity:QueryBlanket (in: This=0x64be34, pProxy=0x64be30, pAuthnSvc=0x19e914, pAuthzSvc=0x19e918, pServerPrincName=0x0, pAuthnLevel=0x19e924, pImpLevel=0x19e928, pAuthInfo=0x0, pCapabilites=0x19e91c | out: pAuthnSvc=0x19e914*=0xa, pAuthzSvc=0x19e918*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e924*=0x6, pImpLevel=0x19e928*=0x3, pAuthInfo=0x0, pCapabilites=0x19e91c*=0x20) returned 0x0 [0148.162] IUnknown:Release (This=0x64be34) returned 0x3 [0148.162] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.162] GetCurrentThreadId () returned 0x1060 [0148.162] IUnknown:QueryInterface (in: This=0x64be30, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x64be34) returned 0x0 [0148.162] IClientSecurity:QueryBlanket (in: This=0x64be34, pProxy=0x64be30, pAuthnSvc=0x19e914, pAuthzSvc=0x19e918, pServerPrincName=0x0, pAuthnLevel=0x19e928, pImpLevel=0x19e924, pAuthInfo=0x0, pCapabilites=0x19e91c | out: pAuthnSvc=0x19e914*=0xa, pAuthzSvc=0x19e918*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e928*=0x6, pImpLevel=0x19e924*=0x3, pAuthInfo=0x0, pCapabilites=0x19e91c*=0x20) returned 0x0 [0148.162] IUnknown:Release (This=0x64be34) returned 0x3 [0148.162] IUnknown:QueryInterface (in: This=0x65b568, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e95c | out: ppvObject=0x19e95c*=0x65b56c) returned 0x0 [0148.162] IClientSecurity:CopyProxy (in: This=0x65b56c, pProxy=0x65b568, ppCopy=0x19e960 | out: ppCopy=0x19e960*=0x65aff0) returned 0x0 [0148.163] IUnknown:QueryInterface (in: This=0x65aff0, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b4 | out: ppvObject=0x19e8b4*=0x65aff4) returned 0x0 [0148.163] IClientSecurity:QueryBlanket (in: This=0x65aff4, pProxy=0x65aff0, pAuthnSvc=0x19e8e4, pAuthzSvc=0x19e8e0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e8e4*=0xa, pAuthzSvc=0x19e8e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0148.163] IUnknown:Release (This=0x65aff4) returned 0x3 [0148.163] IUnknown:QueryInterface (in: This=0x65aff0, riid=0x6f631f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e898 | out: ppvObject=0x19e898*=0x6165d8) returned 0x0 [0148.163] IUnknown:QueryInterface (in: This=0x65aff0, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e89c | out: ppvObject=0x19e89c*=0x65aff4) returned 0x0 [0148.163] IClientSecurity:SetBlanket (This=0x65aff4, pProxy=0x65aff0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0148.165] IUnknown:Release (This=0x65aff4) returned 0x4 [0148.165] WbemLocator:IUnknown:Release (This=0x6165d8) returned 0x3 [0148.165] IUnknown:Release (This=0x65b56c) returned 0x2 [0148.165] IUnknown:AddRef (This=0x65aff0) returned 0x3 [0148.165] IUnknown:Release (This=0x65b568) returned 0x2 [0148.165] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19ea50 | out: pperrinfo=0x19ea50*=0x0) returned 0x1 [0148.166] IUnknown:Release (This=0x64be30) returned 0x2 [0148.166] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.166] GetCurrentThreadId () returned 0x1060 [0148.166] IUnknown:AddRef (This=0x65aff0) returned 0x3 [0148.166] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.166] GetCurrentThreadId () returned 0x1060 [0148.166] IEnumWbemClassObject:Reset (This=0x65aff0) returned 0x0 [0148.167] IUnknown:Release (This=0x65aff0) returned 0x2 [0148.167] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x64e220 [0148.167] IUnknown:Release (This=0x653d60) returned 0x1 [0148.177] CoGetContextToken (in: pToken=0x19e240 | out: pToken=0x19e240) returned 0x0 [0148.177] CoGetContextToken (in: pToken=0x19e648 | out: pToken=0x19e648) returned 0x0 [0148.202] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0148.202] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.202] GetCurrentThreadId () returned 0x1060 [0148.203] IUnknown:AddRef (This=0x65aff0) returned 0x3 [0148.203] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.203] GetCurrentThreadId () returned 0x1060 [0148.203] IEnumWbemClassObject:Next (in: This=0x65aff0, lTimeout=-1, uCount=0x1, apObjects=0x19f3bc, puReturned=0x19f39c | out: apObjects=0x19f3bc*=0x61b150, puReturned=0x19f39c*=0x1) returned 0x0 [0148.214] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x64d700 [0148.214] IUnknown:AddRef (This=0x61b150) returned 0x2 [0148.214] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x660f48 [0148.214] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x619bf8 [0148.214] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61a0d8 [0148.214] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649c58 [0148.214] WbemLocator:IUnknown:AddRef (This=0x5f0670) returned 0x3 [0148.214] IUnknown:AddRef (This=0x65aff0) returned 0x4 [0148.214] IUnknown:QueryInterface (in: This=0x65aff0, riid=0x6f631f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3e8 | out: ppvObject=0x19f3e8*=0x65aff4) returned 0x0 [0148.215] IClientSecurity:QueryBlanket (in: This=0x65aff4, pProxy=0x65aff0, pAuthnSvc=0x19f36c, pAuthzSvc=0x19f374, pServerPrincName=0x0, pAuthnLevel=0x19f398, pImpLevel=0x19f3a4, pAuthInfo=0x0, pCapabilites=0x19f368 | out: pAuthnSvc=0x19f36c*=0xa, pAuthzSvc=0x19f374*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f398*=0x6, pImpLevel=0x19f3a4*=0x3, pAuthInfo=0x0, pCapabilites=0x19f368*=0x20) returned 0x0 [0148.215] IUnknown:Release (This=0x65aff4) returned 0x4 [0148.215] WbemLocator:IUnknown:Release (This=0x5f0670) returned 0x2 [0148.215] WbemLocator:IUnknown:AddRef (This=0x5f0670) returned 0x3 [0148.215] IUnknown:Release (This=0x65aff0) returned 0x3 [0148.215] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0148.215] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x655350 [0148.215] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649e98 [0148.215] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x658860 [0148.215] IUnknown:AddRef (This=0x61b150) returned 0x3 [0148.215] IUnknown:Release (This=0x61b150) returned 0x2 [0148.215] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f334 | out: pperrinfo=0x19f334*=0x0) returned 0x1 [0148.215] IUnknown:Release (This=0x65aff0) returned 0x2 [0148.215] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3ec | out: pperrinfo=0x19f3ec*=0x0) returned 0x1 [0148.218] LoadRegTypeLib (in: rguid=0x6f632198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19eb94*=0x0 | out: pptlib=0x19eb94*=0x652230) returned 0x0 [0148.219] ITypeLib:GetTypeInfoOfGuid (in: This=0x652230, GUID=0x6f634c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x65536c | out: ppTInfo=0x65536c*=0x653de4) returned 0x0 [0148.219] IUnknown:Release (This=0x652230) returned 0x5 [0148.219] IUnknown:AddRef (This=0x653de4) returned 0x2 [0148.219] ITypeInfo:RemoteGetTypeAttr (in: This=0x653de4, ppTypeAttr=0x19ebd0, pDummy=0x3294c8f1 | out: ppTypeAttr=0x19ebd0, pDummy=0x3294c8f1) returned 0x0 [0148.220] ITypeInfo:LocalReleaseTypeAttr (This=0x653de4) returned 0x0 [0148.220] IUnknown:Release (This=0x653de4) returned 0x1 [0148.221] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0148.222] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0148.228] CoGetContextToken (in: pToken=0x19eef0 | out: pToken=0x19eef0) returned 0x0 [0148.229] LoadRegTypeLib (in: rguid=0x6f632198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eee8*=0x0 | out: pptlib=0x19eee8*=0x652230) returned 0x0 [0148.230] ITypeLib:GetTypeInfoOfGuid (in: This=0x652230, GUID=0x6f631e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x655368 | out: ppTInfo=0x655368*=0x653e10) returned 0x0 [0148.230] IUnknown:Release (This=0x652230) returned 0x6 [0148.230] IUnknown:AddRef (This=0x653e10) returned 0x2 [0148.230] DispGetIDsOfNames (in: ptinfo=0x653e10, rgszNames=0x19ef70*="SerialNumber", cNames=0x1, rgdispid=0x19ef60 | out: rgdispid=0x19ef60*=-1) returned 0x80020006 [0148.261] IUnknown:AddRef (This=0x61b150) returned 0x3 [0148.261] IWbemClassObject:Get (in: This=0x61b150, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x19eeb8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x19eeb8*=0) returned 0x0 [0148.261] IUnknown:Release (This=0x61b150) returned 0x2 [0148.261] SysStringLen (param_1="SerialNumber") returned 0xc [0148.261] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6587e8 [0148.262] SysStringLen (param_1="SerialNumber") returned 0xc [0148.262] IUnknown:Release (This=0x653e10) returned 0x1 [0148.262] IUnknown:AddRef (This=0x653e10) returned 0x2 [0148.262] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.262] GetCurrentThreadId () returned 0x1060 [0148.262] SysStringLen (param_1="SerialNumber") returned 0xc [0148.262] IWbemClassObject:Get (in: This=0x61b150, wszName="SerialNumber", lFlags=0, pVal=0x19ece8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ece0*=1699140, plFlavor=0x0 | out: pVal=0x19ece8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x19ece0*=8, plFlavor=0x0) returned 0x0 [0148.263] IUnknown:Release (This=0x653e10) returned 0x1 [0148.263] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0148.263] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0148.315] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0148.315] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.316] GetCurrentThreadId () returned 0x1060 [0148.316] IUnknown:AddRef (This=0x65aff0) returned 0x3 [0148.316] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0148.316] GetCurrentThreadId () returned 0x1060 [0148.316] IEnumWbemClassObject:Next (in: This=0x65aff0, lTimeout=-1, uCount=0x1, apObjects=0x19f3bc, puReturned=0x19f39c | out: apObjects=0x19f3bc*=0x0, puReturned=0x19f39c*=0x0) returned 0x1 [0148.318] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f334 | out: pperrinfo=0x19f334*=0x0) returned 0x1 [0148.318] IUnknown:Release (This=0x65aff0) returned 0x2 [0148.318] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3ec | out: pperrinfo=0x19f3ec*=0x0) returned 0x1 [0148.515] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0148.517] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0148.531] SetEvent (hEvent=0x3b4) returned 1 [0148.533] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3c4*=0x3a4, lpdwindex=0x19f1e4 | out: lpdwindex=0x19f1e4) returned 0x0 [0148.584] CoGetContextToken (in: pToken=0x19f290 | out: pToken=0x19f290) returned 0x0 [0148.584] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0 [0148.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x19f2c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2bc | out: ppvObject=0x19f2bc*=0x64b450) returned 0x0 [0148.584] WbemDefPath:IUnknown:AddRef (This=0x64b450) returned 0x3 [0148.584] WbemDefPath:IUnknown:Release (This=0x64b450) returned 0x2 [0148.589] WbemDefPath:IWbemPath:SetText (This=0x64b450, uMode=0x4, pszPath="win32_processor") returned 0x0 [0148.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64b450, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0148.649] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f440*=0x0, pszText=0x0 | out: puBuffLength=0x19f440*=0x10, pszText=0x0) returned 0x0 [0148.649] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f440*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f440*=0x10, pszText="win32_processor") returned 0x0 [0148.650] WbemDefPath:IWbemPath:GetInfo (in: This=0x64b450, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0148.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64b450, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetInfo (in: This=0x64b450, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64b450, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x10, pszText=0x0) returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f430*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f430*=0x10, pszText="win32_processor") returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64b450, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x10, pszText=0x0) returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f430*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f430*=0x10, pszText="win32_processor") returned 0x0 [0148.651] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64b450, puCount=0x19f3c4 | out: puCount=0x19f3c4*=0x0) returned 0x0 [0148.652] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d8 [0148.652] SetEvent (hEvent=0x3b4) returned 1 [0148.652] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ec1c*=0x3d8, lpdwindex=0x19ea3c | out: lpdwindex=0x19ea3c) returned 0x0 [0148.656] CoGetContextToken (in: pToken=0x19eae8 | out: pToken=0x19eae8) returned 0x0 [0148.656] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0148.656] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x19eb18*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19eb14 | out: ppvObject=0x19eb14*=0x64be70) returned 0x0 [0148.656] WbemDefPath:IUnknown:AddRef (This=0x64be70) returned 0x3 [0148.656] WbemDefPath:IUnknown:Release (This=0x64be70) returned 0x2 [0148.656] WbemDefPath:IWbemPath:SetText (This=0x64be70, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0148.656] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f3b0 | out: puCount=0x19f3b0*=0x2) returned 0x0 [0148.656] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f3ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f3ac*=0xf, pszText=0x0) returned 0x0 [0148.656] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f3ac*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3ac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.656] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3dc [0148.656] SetEvent (hEvent=0x3b4) returned 1 [0148.657] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x3dc, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0148.660] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0148.660] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0148.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x665430) returned 0x0 [0148.660] WbemDefPath:IUnknown:AddRef (This=0x665430) returned 0x3 [0148.660] WbemDefPath:IUnknown:Release (This=0x665430) returned 0x2 [0148.660] WbemDefPath:IWbemPath:SetText (This=0x665430, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x665430, puCount=0x19f388 | out: puCount=0x19f388*=0x2) returned 0x0 [0148.660] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f384*=0x0, pszText=0x0 | out: puBuffLength=0x19f384*=0xf, pszText=0x0) returned 0x0 [0148.660] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f384*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f384*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.677] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2a8*=0x3f0, lpdwindex=0x19f15c | out: lpdwindex=0x19f15c) returned 0x0 [0150.026] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0150.026] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0150.026] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef7da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f024 | out: ppvObject=0x19f024*=0x5dfaf8) returned 0x0 [0150.026] CObjectContext::ContextCallback () returned 0x0 [0150.041] IUnknown:Release (This=0x5dfaf8) returned 0x1 [0150.042] CoUnmarshalInterface (in: pStm=0x649eb8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f094 | out: ppv=0x19f094*=0x6156d8) returned 0x0 [0150.043] CoMarshalInterface (pStm=0x649eb8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6156d8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0150.043] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef34 | out: ppvObject=0x19ef34*=0x6156d8) returned 0x0 [0150.044] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eef0 | out: ppvObject=0x19eef0*=0x0) returned 0x80004002 [0150.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x0) returned 0x80004002 [0150.045] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0150.046] WbemLocator:IUnknown:AddRef (This=0x6156d8) returned 0x3 [0150.046] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e844 | out: ppvObject=0x19e844*=0x0) returned 0x80004002 [0150.046] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7f4 | out: ppvObject=0x19e7f4*=0x0) returned 0x80004002 [0150.046] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e800 | out: ppvObject=0x19e800*=0x615634) returned 0x0 [0150.047] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x615634, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e808 | out: pCid=0x19e808*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.047] WbemLocator:IUnknown:Release (This=0x615634) returned 0x3 [0150.047] CoGetContextToken (in: pToken=0x19e860 | out: pToken=0x19e860) returned 0x0 [0150.047] CoGetContextToken (in: pToken=0x19ec68 | out: pToken=0x19ec68) returned 0x0 [0150.047] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x6156bc) returned 0x0 [0150.047] WbemLocator:IRpcOptions:Query (in: This=0x6156bc, pPrx=0x6156d8, dwProperty=2, pdwValue=0x19ed00 | out: pdwValue=0x19ed00) returned 0x0 [0150.047] WbemLocator:IUnknown:Release (This=0x6156bc) returned 0x3 [0150.047] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x2 [0150.047] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x1 [0150.048] CoGetContextToken (in: pToken=0x19efe0 | out: pToken=0x19efe0) returned 0x0 [0150.048] WbemLocator:IUnknown:AddRef (This=0x6156d8) returned 0x2 [0150.048] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x6156b4) returned 0x0 [0150.048] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6156b4, pProxy=0x6156d8, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0150.048] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x2 [0150.048] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x6156d8) returned 0x0 [0150.048] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x6156b4) returned 0x0 [0150.048] WbemLocator:IClientSecurity:SetBlanket (This=0x6156b4, pProxy=0x6156d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.049] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x3 [0150.049] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x2 [0150.049] CoTaskMemFree (pv=0x661198) [0150.049] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x1 [0150.049] SysStringLen (param_1=0x0) returned 0x0 [0150.049] CoGetContextToken (in: pToken=0x19f258 | out: pToken=0x19f258) returned 0x0 [0150.049] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0150.049] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x19f288*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x5d46d0) returned 0x0 [0150.050] WbemLocator:IUnknown:AddRef (This=0x5d46d0) returned 0x3 [0150.050] WbemLocator:IUnknown:Release (This=0x5d46d0) returned 0x2 [0150.050] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0150.051] WbemLocator:IUnknown:AddRef (This=0x5d46d0) returned 0x3 [0150.051] WbemLocator:IUnknown:QueryInterface (in: This=0x5d46d0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x6156b4) returned 0x0 [0150.051] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6156b4, pProxy=0x5d46d0, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0150.051] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x3 [0150.051] WbemLocator:IUnknown:QueryInterface (in: This=0x5d46d0, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x6156d8) returned 0x0 [0150.052] WbemLocator:IUnknown:QueryInterface (in: This=0x5d46d0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x6156b4) returned 0x0 [0150.052] WbemLocator:IClientSecurity:SetBlanket (This=0x6156b4, pProxy=0x5d46d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.052] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x4 [0150.052] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x3 [0150.052] CoTaskMemFree (pv=0x661318) [0150.052] WbemLocator:IUnknown:Release (This=0x5d46d0) returned 0x2 [0150.052] SysStringLen (param_1=0x0) returned 0x0 [0150.053] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x665430, puCount=0x19f3ac | out: puCount=0x19f3ac*=0x2) returned 0x0 [0150.053] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a8*=0xf, pszText=0x0) returned 0x0 [0150.053] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.053] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0 [0150.053] CoUnmarshalInterface (in: pStm=0x649eb8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f00c | out: ppv=0x19f00c*=0x6156d8) returned 0x0 [0150.054] CoMarshalInterface (pStm=0x649eb8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6156d8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0150.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeac | out: ppvObject=0x19eeac*=0x6156d8) returned 0x0 [0150.054] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x3 [0150.054] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x2 [0150.054] CoGetContextToken (in: pToken=0x19ef58 | out: pToken=0x19ef58) returned 0x0 [0150.054] WbemLocator:IUnknown:AddRef (This=0x6156d8) returned 0x3 [0150.054] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x6156b4) returned 0x0 [0150.055] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6156b4, pProxy=0x6156d8, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0150.055] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x3 [0150.055] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x6156d8) returned 0x0 [0150.055] WbemLocator:IUnknown:QueryInterface (in: This=0x6156d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x6156b4) returned 0x0 [0150.055] WbemLocator:IClientSecurity:SetBlanket (This=0x6156b4, pProxy=0x6156d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.055] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x4 [0150.055] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x3 [0150.056] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x2 [0150.056] SysStringLen (param_1=0x0) returned 0x0 [0150.056] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0150.056] WbemLocator:IUnknown:AddRef (This=0x5d46d0) returned 0x3 [0150.056] WbemLocator:IUnknown:Release (This=0x5d46d0) returned 0x2 [0150.056] CoGetContextToken (in: pToken=0x19f190 | out: pToken=0x19f190) returned 0x0 [0150.056] WbemLocator:IUnknown:AddRef (This=0x5d46d0) returned 0x3 [0150.056] WbemLocator:IUnknown:QueryInterface (in: This=0x5d46d0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x6156b4) returned 0x0 [0150.056] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6156b4, pProxy=0x5d46d0, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0150.056] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x3 [0150.056] WbemLocator:IUnknown:QueryInterface (in: This=0x5d46d0, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x6156d8) returned 0x0 [0150.057] WbemLocator:IUnknown:QueryInterface (in: This=0x5d46d0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x6156b4) returned 0x0 [0150.057] WbemLocator:IClientSecurity:SetBlanket (This=0x6156b4, pProxy=0x5d46d0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.057] WbemLocator:IUnknown:Release (This=0x6156b4) returned 0x4 [0150.057] WbemLocator:IUnknown:Release (This=0x6156d8) returned 0x3 [0150.057] WbemLocator:IUnknown:Release (This=0x5d46d0) returned 0x2 [0150.057] SysStringLen (param_1=0x0) returned 0x0 [0150.057] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f3b0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3b0*=0x10, pszText=0x0) returned 0x0 [0150.058] WbemDefPath:IWbemPath:GetText (in: This=0x64b450, lFlags=2, puBuffLength=0x19f3b0*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f3b0*=0x10, pszText="win32_processor") returned 0x0 [0150.064] IWbemServices:GetObject (in: This=0x5d46d0, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f364*=0x0, ppCallResult=0x0 | out: ppObject=0x19f364*=0x67cb80, ppCallResult=0x0) returned 0x0 [0150.081] IWbemClassObject:Get (in: This=0x67cb80, wszName="__PATH", lFlags=0, pVal=0x19f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3f4*=0, plFlavor=0x19f3f0*=0 | out: pVal=0x19f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f3f4*=8, plFlavor=0x19f3f0*=64) returned 0x0 [0150.086] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0150.086] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0150.087] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x42c [0150.087] SetEvent (hEvent=0x3b4) returned 1 [0150.087] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f308*=0x42c, lpdwindex=0x19f124 | out: lpdwindex=0x19f124) returned 0x0 [0150.092] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0150.092] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0150.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x67ce10) returned 0x0 [0150.092] WbemDefPath:IUnknown:AddRef (This=0x67ce10) returned 0x3 [0150.093] WbemDefPath:IUnknown:Release (This=0x67ce10) returned 0x2 [0150.093] WbemDefPath:IWbemPath:SetText (This=0x67ce10, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0 [0150.093] IWbemClassObject:Get (in: This=0x67cb80, wszName="__CLASS", lFlags=0, pVal=0x19f3bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f43c*=0, plFlavor=0x19f438*=0 | out: pVal=0x19f3bc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f43c*=8, plFlavor=0x19f438*=64) returned 0x0 [0150.094] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0150.094] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0150.094] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0150.094] WbemLocator:IUnknown:AddRef (This=0x5d46d0) returned 0x3 [0150.094] IWbemServices:CreateInstanceEnum (in: This=0x5d46d0, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f3b8 | out: ppEnum=0x19f3b8*=0x65b248) returned 0x0 [0150.167] IUnknown:QueryInterface (in: This=0x65b248, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f244 | out: ppvObject=0x19f244*=0x65b24c) returned 0x0 [0150.168] IClientSecurity:QueryBlanket (in: This=0x65b24c, pProxy=0x65b248, pAuthnSvc=0x19f294, pAuthzSvc=0x19f290, pServerPrincName=0x19f288, pAuthnLevel=0x19f28c, pImpLevel=0x19f27c, pAuthInfo=0x19f280, pCapabilites=0x19f284 | out: pAuthnSvc=0x19f294*=0xa, pAuthzSvc=0x19f290*=0x0, pServerPrincName=0x19f288, pAuthnLevel=0x19f28c*=0x6, pImpLevel=0x19f27c*=0x2, pAuthInfo=0x19f280, pCapabilites=0x19f284*=0x1) returned 0x0 [0150.168] IUnknown:Release (This=0x65b24c) returned 0x1 [0150.168] IUnknown:QueryInterface (in: This=0x65b248, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f238 | out: ppvObject=0x19f238*=0x6160d8) returned 0x0 [0150.168] IUnknown:QueryInterface (in: This=0x65b248, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x65b24c) returned 0x0 [0150.170] IClientSecurity:SetBlanket (This=0x65b24c, pProxy=0x65b248, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.245] IUnknown:Release (This=0x65b24c) returned 0x2 [0150.245] WbemLocator:IUnknown:Release (This=0x6160d8) returned 0x1 [0150.245] CoTaskMemFree (pv=0x661288) [0150.245] IUnknown:QueryInterface (in: This=0x65b248, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee2c | out: ppvObject=0x19ee2c*=0x6160d8) returned 0x0 [0150.246] WbemLocator:IUnknown:QueryInterface (in: This=0x6160d8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ede8 | out: ppvObject=0x19ede8*=0x0) returned 0x80004002 [0150.294] WbemLocator:IUnknown:QueryInterface (in: This=0x6160d8, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec04 | out: ppvObject=0x19ec04*=0x0) returned 0x80004002 [0150.335] IUnknown:QueryInterface (in: This=0x65b248, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9dc | out: ppvObject=0x19e9dc*=0x0) returned 0x80004002 [0150.380] WbemLocator:IUnknown:AddRef (This=0x6160d8) returned 0x3 [0150.380] WbemLocator:IUnknown:QueryInterface (in: This=0x6160d8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e73c | out: ppvObject=0x19e73c*=0x0) returned 0x80004002 [0150.381] WbemLocator:IUnknown:QueryInterface (in: This=0x6160d8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6ec | out: ppvObject=0x19e6ec*=0x0) returned 0x80004002 [0150.381] WbemLocator:IUnknown:QueryInterface (in: This=0x6160d8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6f8 | out: ppvObject=0x19e6f8*=0x616034) returned 0x0 [0150.381] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x616034, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e700 | out: pCid=0x19e700*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.381] WbemLocator:IUnknown:Release (This=0x616034) returned 0x3 [0150.381] CoGetContextToken (in: pToken=0x19e758 | out: pToken=0x19e758) returned 0x0 [0150.382] CoGetContextToken (in: pToken=0x19eb60 | out: pToken=0x19eb60) returned 0x0 [0150.382] WbemLocator:IUnknown:QueryInterface (in: This=0x6160d8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebec | out: ppvObject=0x19ebec*=0x6160bc) returned 0x0 [0150.383] WbemLocator:IRpcOptions:Query (in: This=0x6160bc, pPrx=0x6160d8, dwProperty=2, pdwValue=0x19ebf8 | out: pdwValue=0x19ebf8) returned 0x80004002 [0150.383] WbemLocator:IUnknown:Release (This=0x6160bc) returned 0x3 [0150.383] WbemLocator:IUnknown:Release (This=0x6160d8) returned 0x2 [0150.383] CoGetContextToken (in: pToken=0x19f140 | out: pToken=0x19f140) returned 0x0 [0150.383] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0150.383] WbemLocator:IUnknown:QueryInterface (in: This=0x6160d8, riid=0x19f170*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f16c | out: ppvObject=0x19f16c*=0x65b248) returned 0x0 [0150.383] IUnknown:AddRef (This=0x65b248) returned 0x4 [0150.383] IUnknown:Release (This=0x65b248) returned 0x3 [0150.383] IUnknown:Release (This=0x65b248) returned 0x2 [0150.383] WbemLocator:IUnknown:Release (This=0x5d46d0) returned 0x2 [0150.383] SysStringLen (param_1=0x0) returned 0x0 [0150.383] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x665430, puCount=0x19f3f4 | out: puCount=0x19f3f4*=0x2) returned 0x0 [0150.384] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f3f0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3f0*=0xf, pszText=0x0) returned 0x0 [0150.384] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f3f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.384] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0150.384] IUnknown:AddRef (This=0x65b248) returned 0x3 [0150.384] IEnumWbemClassObject:Clone (in: This=0x65b248, ppEnum=0x19f3f4 | out: ppEnum=0x19f3f4*=0x65ae60) returned 0x0 [0150.495] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2b0 | out: ppvObject=0x19f2b0*=0x65ae64) returned 0x0 [0150.495] IClientSecurity:QueryBlanket (in: This=0x65ae64, pProxy=0x65ae60, pAuthnSvc=0x19f300, pAuthzSvc=0x19f2fc, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8, pImpLevel=0x19f2e8, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0 | out: pAuthnSvc=0x19f300*=0xa, pAuthzSvc=0x19f2fc*=0x0, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8*=0x6, pImpLevel=0x19f2e8*=0x2, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0*=0x1) returned 0x0 [0150.497] IUnknown:Release (This=0x65ae64) returned 0x1 [0150.497] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x6164d8) returned 0x0 [0150.499] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x65ae64) returned 0x0 [0150.499] IClientSecurity:SetBlanket (This=0x65ae64, pProxy=0x65ae60, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.517] IUnknown:Release (This=0x65ae64) returned 0x2 [0150.517] WbemLocator:IUnknown:Release (This=0x6164d8) returned 0x1 [0150.517] CoTaskMemFree (pv=0x661048) [0150.517] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee8c | out: ppvObject=0x19ee8c*=0x6164d8) returned 0x0 [0150.518] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee48 | out: ppvObject=0x19ee48*=0x0) returned 0x80004002 [0150.519] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0150.524] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0150.713] WbemLocator:IUnknown:AddRef (This=0x6164d8) returned 0x3 [0150.713] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e79c | out: ppvObject=0x19e79c*=0x0) returned 0x80004002 [0150.714] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e74c | out: ppvObject=0x19e74c*=0x0) returned 0x80004002 [0150.714] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e758 | out: ppvObject=0x19e758*=0x616434) returned 0x0 [0150.714] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x616434, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e760 | out: pCid=0x19e760*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.714] WbemLocator:IUnknown:Release (This=0x616434) returned 0x3 [0150.714] CoGetContextToken (in: pToken=0x19e7b8 | out: pToken=0x19e7b8) returned 0x0 [0150.714] CoGetContextToken (in: pToken=0x19ebc0 | out: pToken=0x19ebc0) returned 0x0 [0150.714] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec4c | out: ppvObject=0x19ec4c*=0x6164bc) returned 0x0 [0150.714] WbemLocator:IRpcOptions:Query (in: This=0x6164bc, pPrx=0x6164d8, dwProperty=2, pdwValue=0x19ec58 | out: pdwValue=0x19ec58) returned 0x80004002 [0150.714] WbemLocator:IUnknown:Release (This=0x6164bc) returned 0x3 [0150.715] WbemLocator:IUnknown:Release (This=0x6164d8) returned 0x2 [0150.715] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0150.715] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0150.715] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x19f1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1cc | out: ppvObject=0x19f1cc*=0x65ae60) returned 0x0 [0150.715] IUnknown:AddRef (This=0x65ae60) returned 0x4 [0150.715] IUnknown:Release (This=0x65ae60) returned 0x3 [0150.715] IUnknown:Release (This=0x65ae60) returned 0x2 [0150.715] IUnknown:Release (This=0x65b248) returned 0x2 [0150.715] SysStringLen (param_1=0x0) returned 0x0 [0150.716] IEnumWbemClassObject:Reset (This=0x65ae60) returned 0x0 [0150.753] CoTaskMemAlloc (cb=0x4) returned 0x673c70 [0150.754] IEnumWbemClassObject:Next (in: This=0x65ae60, lTimeout=-1, uCount=0x1, apObjects=0x673c70, puReturned=0x63987d0 | out: apObjects=0x673c70*=0x61b618, puReturned=0x63987d0*=0x1) returned 0x0 [0167.030] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x61b618) returned 0x0 [0167.031] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0167.031] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0167.031] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0167.031] IUnknown:AddRef (This=0x61b618) returned 0x3 [0167.031] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0167.031] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0167.031] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x61b61c) returned 0x0 [0167.032] IMarshal:GetUnmarshalClass (in: This=0x61b61c, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.032] IUnknown:Release (This=0x61b61c) returned 0x3 [0167.032] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0167.032] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0167.032] IUnknown:QueryInterface (in: This=0x61b618, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0167.032] IUnknown:Release (This=0x61b618) returned 0x2 [0167.032] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0167.032] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0167.032] IUnknown:QueryInterface (in: This=0x61b618, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x61b618) returned 0x0 [0167.032] IUnknown:AddRef (This=0x61b618) returned 0x4 [0167.033] IUnknown:Release (This=0x61b618) returned 0x3 [0167.033] IUnknown:Release (This=0x61b618) returned 0x2 [0167.035] CoTaskMemFree (pv=0x673c70) [0167.035] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0167.035] IUnknown:AddRef (This=0x61b618) returned 0x3 [0167.035] IWbemClassObject:Get (in: This=0x61b618, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0167.037] IWbemClassObject:Get (in: This=0x61b618, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0167.038] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0167.038] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0167.038] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430 [0167.038] SetEvent (hEvent=0x3b4) returned 1 [0167.045] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x430, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0167.045] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0167.045] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0167.045] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x67cda0) returned 0x0 [0167.045] WbemDefPath:IUnknown:AddRef (This=0x67cda0) returned 0x3 [0167.045] WbemDefPath:IUnknown:Release (This=0x67cda0) returned 0x2 [0167.046] WbemDefPath:IWbemPath:SetText (This=0x67cda0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x665430, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x665430, puCount=0x19f400 | out: puCount=0x19f400*=0x2) returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f3fc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3fc*=0xf, pszText=0x0) returned 0x0 [0167.046] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=4, puBuffLength=0x19f3fc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3fc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.051] IWbemClassObject:Get (in: This=0x61b618, wszName="processorID", lFlags=0, pVal=0x19f3fc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6399080*=0, plFlavor=0x6399084*=0 | out: pVal=0x19f3fc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x6399080*=8, plFlavor=0x6399084*=0) returned 0x0 [0167.051] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0167.051] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0167.052] IWbemClassObject:Get (in: This=0x61b618, wszName="processorID", lFlags=0, pVal=0x19f404*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x6399080*=8, plFlavor=0x6399084*=0 | out: pVal=0x19f404*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x6399080*=8, plFlavor=0x6399084*=0) returned 0x0 [0167.052] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0167.052] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0167.054] CoTaskMemAlloc (cb=0x4) returned 0x673d90 [0167.054] IEnumWbemClassObject:Next (in: This=0x65ae60, lTimeout=-1, uCount=0x1, apObjects=0x673d90, puReturned=0x63987d0 | out: apObjects=0x673d90*=0x0, puReturned=0x63987d0*=0x0) returned 0x1 [0167.056] CoTaskMemFree (pv=0x673d90) [0167.056] CoGetContextToken (in: pToken=0x19f318 | out: pToken=0x19f318) returned 0x0 [0167.056] WbemLocator:IUnknown:Release (This=0x6164d8) returned 0x1 [0167.056] IUnknown:Release (This=0x65ae60) returned 0x0 [0167.086] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438 [0167.086] SetEvent (hEvent=0x3b4) returned 1 [0167.086] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3c4*=0x438, lpdwindex=0x19f1e4 | out: lpdwindex=0x19f1e4) returned 0x0 [0167.090] CoGetContextToken (in: pToken=0x19f290 | out: pToken=0x19f290) returned 0x0 [0167.090] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0 [0167.091] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x19f2c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2bc | out: ppvObject=0x19f2bc*=0x67cef0) returned 0x0 [0167.091] WbemDefPath:IUnknown:AddRef (This=0x67cef0) returned 0x3 [0167.091] WbemDefPath:IUnknown:Release (This=0x67cef0) returned 0x2 [0167.091] WbemDefPath:IWbemPath:SetText (This=0x67cef0, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cef0, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f440*=0x0, pszText=0x0 | out: puBuffLength=0x19f440*=0x22, pszText=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f440*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f440*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetInfo (in: This=0x67cef0, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cef0, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetInfo (in: This=0x67cef0, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cef0, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x22, pszText=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f430*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f430*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cef0, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x22, pszText=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f430*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f430*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cef0, puCount=0x19f3c4 | out: puCount=0x19f3c4*=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f3b0 | out: puCount=0x19f3b0*=0x2) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f3ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f3ac*=0xf, pszText=0x0) returned 0x0 [0167.091] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f3ac*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3ac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.091] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x43c [0167.092] SetEvent (hEvent=0x3b4) returned 1 [0167.092] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x43c, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0167.096] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0167.097] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0167.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x67cfd0) returned 0x0 [0167.097] WbemDefPath:IUnknown:AddRef (This=0x67cfd0) returned 0x3 [0167.097] WbemDefPath:IUnknown:Release (This=0x67cfd0) returned 0x2 [0167.097] WbemDefPath:IWbemPath:SetText (This=0x67cfd0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0167.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f388 | out: puCount=0x19f388*=0x2) returned 0x0 [0167.097] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f384*=0x0, pszText=0x0 | out: puBuffLength=0x19f384*=0xf, pszText=0x0) returned 0x0 [0167.097] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f384*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f384*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.116] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2a8*=0x450, lpdwindex=0x19f15c | out: lpdwindex=0x19f15c) returned 0x0 [0167.160] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0167.160] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0167.160] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef7da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f024 | out: ppvObject=0x19f024*=0x5dfaf8) returned 0x0 [0167.160] CObjectContext::ContextCallback () returned 0x0 [0167.163] IUnknown:Release (This=0x5dfaf8) returned 0x1 [0167.163] CoUnmarshalInterface (in: pStm=0x649c98, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f094 | out: ppv=0x19f094*=0x6159d8) returned 0x0 [0167.164] CoMarshalInterface (pStm=0x649c98, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6159d8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0167.164] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef34 | out: ppvObject=0x19ef34*=0x6159d8) returned 0x0 [0167.164] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eef0 | out: ppvObject=0x19eef0*=0x0) returned 0x80004002 [0167.165] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x0) returned 0x80004002 [0167.166] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0167.166] WbemLocator:IUnknown:AddRef (This=0x6159d8) returned 0x3 [0167.166] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e844 | out: ppvObject=0x19e844*=0x0) returned 0x80004002 [0167.166] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7f4 | out: ppvObject=0x19e7f4*=0x0) returned 0x80004002 [0167.167] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e800 | out: ppvObject=0x19e800*=0x615934) returned 0x0 [0167.167] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x615934, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e808 | out: pCid=0x19e808*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.167] WbemLocator:IUnknown:Release (This=0x615934) returned 0x3 [0167.167] CoGetContextToken (in: pToken=0x19e860 | out: pToken=0x19e860) returned 0x0 [0167.167] CoGetContextToken (in: pToken=0x19ec68 | out: pToken=0x19ec68) returned 0x0 [0167.167] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x6159bc) returned 0x0 [0167.167] WbemLocator:IRpcOptions:Query (in: This=0x6159bc, pPrx=0x6159d8, dwProperty=2, pdwValue=0x19ed00 | out: pdwValue=0x19ed00) returned 0x0 [0167.167] WbemLocator:IUnknown:Release (This=0x6159bc) returned 0x3 [0167.168] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x2 [0167.168] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x1 [0167.168] CoGetContextToken (in: pToken=0x19efe0 | out: pToken=0x19efe0) returned 0x0 [0167.168] WbemLocator:IUnknown:AddRef (This=0x6159d8) returned 0x2 [0167.168] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x6159b4) returned 0x0 [0167.168] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6159b4, pProxy=0x6159d8, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0167.168] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x2 [0167.168] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x6159d8) returned 0x0 [0167.168] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x6159b4) returned 0x0 [0167.169] WbemLocator:IClientSecurity:SetBlanket (This=0x6159b4, pProxy=0x6159d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.169] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x3 [0167.169] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x2 [0167.169] CoTaskMemFree (pv=0x661468) [0167.169] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x1 [0167.169] SysStringLen (param_1=0x0) returned 0x0 [0167.169] CoGetContextToken (in: pToken=0x19f258 | out: pToken=0x19f258) returned 0x0 [0167.169] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0167.169] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x19f288*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x67d960) returned 0x0 [0167.170] WbemLocator:IUnknown:AddRef (This=0x67d960) returned 0x3 [0167.170] WbemLocator:IUnknown:Release (This=0x67d960) returned 0x2 [0167.170] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0167.170] WbemLocator:IUnknown:AddRef (This=0x67d960) returned 0x3 [0167.171] WbemLocator:IUnknown:QueryInterface (in: This=0x67d960, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x6159b4) returned 0x0 [0167.171] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6159b4, pProxy=0x67d960, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0167.171] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x3 [0167.171] WbemLocator:IUnknown:QueryInterface (in: This=0x67d960, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x6159d8) returned 0x0 [0167.171] WbemLocator:IUnknown:QueryInterface (in: This=0x67d960, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x6159b4) returned 0x0 [0167.171] WbemLocator:IClientSecurity:SetBlanket (This=0x6159b4, pProxy=0x67d960, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.171] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x4 [0167.171] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x3 [0167.171] CoTaskMemFree (pv=0x661348) [0167.172] WbemLocator:IUnknown:Release (This=0x67d960) returned 0x2 [0167.172] SysStringLen (param_1=0x0) returned 0x0 [0167.172] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3ac | out: puCount=0x19f3ac*=0x2) returned 0x0 [0167.172] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a8*=0xf, pszText=0x0) returned 0x0 [0167.172] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.172] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0 [0167.172] CoUnmarshalInterface (in: pStm=0x649c98, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f00c | out: ppv=0x19f00c*=0x6159d8) returned 0x0 [0167.172] CoMarshalInterface (pStm=0x649c98, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6159d8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0167.173] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeac | out: ppvObject=0x19eeac*=0x6159d8) returned 0x0 [0167.173] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x3 [0167.173] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x2 [0167.173] CoGetContextToken (in: pToken=0x19ef58 | out: pToken=0x19ef58) returned 0x0 [0167.173] WbemLocator:IUnknown:AddRef (This=0x6159d8) returned 0x3 [0167.173] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x6159b4) returned 0x0 [0167.173] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6159b4, pProxy=0x6159d8, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0167.173] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x3 [0167.174] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x6159d8) returned 0x0 [0167.174] WbemLocator:IUnknown:QueryInterface (in: This=0x6159d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x6159b4) returned 0x0 [0167.174] WbemLocator:IClientSecurity:SetBlanket (This=0x6159b4, pProxy=0x6159d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.174] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x4 [0167.174] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x3 [0167.174] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x2 [0167.174] SysStringLen (param_1=0x0) returned 0x0 [0167.174] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0167.174] WbemLocator:IUnknown:AddRef (This=0x67d960) returned 0x3 [0167.174] WbemLocator:IUnknown:Release (This=0x67d960) returned 0x2 [0167.174] CoGetContextToken (in: pToken=0x19f190 | out: pToken=0x19f190) returned 0x0 [0167.175] WbemLocator:IUnknown:AddRef (This=0x67d960) returned 0x3 [0167.175] WbemLocator:IUnknown:QueryInterface (in: This=0x67d960, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x6159b4) returned 0x0 [0167.175] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6159b4, pProxy=0x67d960, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0167.175] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x3 [0167.175] WbemLocator:IUnknown:QueryInterface (in: This=0x67d960, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x6159d8) returned 0x0 [0167.175] WbemLocator:IUnknown:QueryInterface (in: This=0x67d960, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x6159b4) returned 0x0 [0167.175] WbemLocator:IClientSecurity:SetBlanket (This=0x6159b4, pProxy=0x67d960, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.175] WbemLocator:IUnknown:Release (This=0x6159b4) returned 0x4 [0167.175] WbemLocator:IUnknown:Release (This=0x6159d8) returned 0x3 [0167.176] WbemLocator:IUnknown:Release (This=0x67d960) returned 0x2 [0167.176] SysStringLen (param_1=0x0) returned 0x0 [0167.176] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f3b0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3b0*=0x22, pszText=0x0) returned 0x0 [0167.176] WbemDefPath:IWbemPath:GetText (in: This=0x67cef0, lFlags=2, puBuffLength=0x19f3b0*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f3b0*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0167.176] IWbemServices:GetObject (in: This=0x67d960, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x19f364*=0x0, ppCallResult=0x0 | out: ppObject=0x19f364*=0x681308, ppCallResult=0x0) returned 0x0 [0167.213] IWbemClassObject:Get (in: This=0x681308, wszName="__PATH", lFlags=0, pVal=0x19f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3f4*=0, plFlavor=0x19f3f0*=0 | out: pVal=0x19f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f3f4*=8, plFlavor=0x19f3f0*=64) returned 0x0 [0167.214] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0167.214] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0167.214] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454 [0167.214] SetEvent (hEvent=0x3b4) returned 1 [0167.214] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f308*=0x454, lpdwindex=0x19f124 | out: lpdwindex=0x19f124) returned 0x0 [0167.218] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0167.218] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0167.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x67d4a0) returned 0x0 [0167.219] WbemDefPath:IUnknown:AddRef (This=0x67d4a0) returned 0x3 [0167.219] WbemDefPath:IUnknown:Release (This=0x67d4a0) returned 0x2 [0167.219] WbemDefPath:IWbemPath:SetText (This=0x67d4a0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0167.219] IWbemClassObject:Get (in: This=0x681308, wszName="__CLASS", lFlags=0, pVal=0x19f3bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f43c*=0, plFlavor=0x19f438*=0 | out: pVal=0x19f3bc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f43c*=8, plFlavor=0x19f438*=64) returned 0x0 [0167.219] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0167.219] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0167.219] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0167.219] WbemLocator:IUnknown:AddRef (This=0x67d960) returned 0x3 [0167.219] IWbemServices:CreateInstanceEnum (in: This=0x67d960, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x19f3b8 | out: ppEnum=0x19f3b8*=0x65ae60) returned 0x0 [0167.256] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f220 | out: ppvObject=0x19f220*=0x65ae64) returned 0x0 [0167.256] IClientSecurity:QueryBlanket (in: This=0x65ae64, pProxy=0x65ae60, pAuthnSvc=0x19f270, pAuthzSvc=0x19f26c, pServerPrincName=0x19f264, pAuthnLevel=0x19f268, pImpLevel=0x19f258, pAuthInfo=0x19f25c, pCapabilites=0x19f260 | out: pAuthnSvc=0x19f270*=0xa, pAuthzSvc=0x19f26c*=0x0, pServerPrincName=0x19f264, pAuthnLevel=0x19f268*=0x6, pImpLevel=0x19f258*=0x2, pAuthInfo=0x19f25c, pCapabilites=0x19f260*=0x1) returned 0x0 [0167.256] IUnknown:Release (This=0x65ae64) returned 0x1 [0167.256] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f214 | out: ppvObject=0x19f214*=0x682d38) returned 0x0 [0167.257] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x65ae64) returned 0x0 [0167.257] IClientSecurity:SetBlanket (This=0x65ae64, pProxy=0x65ae60, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.319] IUnknown:Release (This=0x65ae64) returned 0x2 [0167.319] WbemLocator:IUnknown:Release (This=0x682d38) returned 0x1 [0167.319] CoTaskMemFree (pv=0x661318) [0167.319] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x682d38) returned 0x0 [0167.319] WbemLocator:IUnknown:QueryInterface (in: This=0x682d38, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edc4 | out: ppvObject=0x19edc4*=0x0) returned 0x80004002 [0167.339] WbemLocator:IUnknown:QueryInterface (in: This=0x682d38, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebe4 | out: ppvObject=0x19ebe4*=0x0) returned 0x80004002 [0167.364] IUnknown:QueryInterface (in: This=0x65ae60, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9bc | out: ppvObject=0x19e9bc*=0x0) returned 0x80004002 [0167.406] WbemLocator:IUnknown:AddRef (This=0x682d38) returned 0x3 [0167.406] WbemLocator:IUnknown:QueryInterface (in: This=0x682d38, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e71c | out: ppvObject=0x19e71c*=0x0) returned 0x80004002 [0167.406] WbemLocator:IUnknown:QueryInterface (in: This=0x682d38, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6cc | out: ppvObject=0x19e6cc*=0x0) returned 0x80004002 [0167.451] WbemLocator:IUnknown:QueryInterface (in: This=0x682d38, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6d8 | out: ppvObject=0x19e6d8*=0x682c94) returned 0x0 [0167.452] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682c94, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6e0 | out: pCid=0x19e6e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.452] WbemLocator:IUnknown:Release (This=0x682c94) returned 0x3 [0167.452] CoGetContextToken (in: pToken=0x19e738 | out: pToken=0x19e738) returned 0x0 [0167.452] CoGetContextToken (in: pToken=0x19eb40 | out: pToken=0x19eb40) returned 0x0 [0167.452] WbemLocator:IUnknown:QueryInterface (in: This=0x682d38, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebcc | out: ppvObject=0x19ebcc*=0x682d1c) returned 0x0 [0167.452] WbemLocator:IRpcOptions:Query (in: This=0x682d1c, pPrx=0x682d38, dwProperty=2, pdwValue=0x19ebd8 | out: pdwValue=0x19ebd8) returned 0x80004002 [0167.452] WbemLocator:IUnknown:Release (This=0x682d1c) returned 0x3 [0167.453] WbemLocator:IUnknown:Release (This=0x682d38) returned 0x2 [0167.453] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0167.453] CoGetContextToken (in: pToken=0x19f078 | out: pToken=0x19f078) returned 0x0 [0167.453] WbemLocator:IUnknown:QueryInterface (in: This=0x682d38, riid=0x19f148*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f144 | out: ppvObject=0x19f144*=0x65ae60) returned 0x0 [0167.453] IUnknown:AddRef (This=0x65ae60) returned 0x4 [0167.453] IUnknown:Release (This=0x65ae60) returned 0x3 [0167.453] IUnknown:Release (This=0x65ae60) returned 0x2 [0167.453] WbemLocator:IUnknown:Release (This=0x67d960) returned 0x2 [0167.453] SysStringLen (param_1=0x0) returned 0x0 [0167.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3f4 | out: puCount=0x19f3f4*=0x2) returned 0x0 [0167.453] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3f0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3f0*=0xf, pszText=0x0) returned 0x0 [0167.453] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.453] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0167.453] IUnknown:AddRef (This=0x65ae60) returned 0x3 [0167.453] IEnumWbemClassObject:Clone (in: This=0x65ae60, ppEnum=0x19f3f4 | out: ppEnum=0x19f3f4*=0x65af28) returned 0x0 [0167.490] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2b0 | out: ppvObject=0x19f2b0*=0x65af2c) returned 0x0 [0167.490] IClientSecurity:QueryBlanket (in: This=0x65af2c, pProxy=0x65af28, pAuthnSvc=0x19f300, pAuthzSvc=0x19f2fc, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8, pImpLevel=0x19f2e8, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0 | out: pAuthnSvc=0x19f300*=0xa, pAuthzSvc=0x19f2fc*=0x0, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8*=0x6, pImpLevel=0x19f2e8*=0x2, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0*=0x1) returned 0x0 [0167.490] IUnknown:Release (This=0x65af2c) returned 0x1 [0167.490] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x682138) returned 0x0 [0167.491] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x65af2c) returned 0x0 [0167.491] IClientSecurity:SetBlanket (This=0x65af2c, pProxy=0x65af28, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.549] IUnknown:Release (This=0x65af2c) returned 0x2 [0167.549] WbemLocator:IUnknown:Release (This=0x682138) returned 0x1 [0167.549] CoTaskMemFree (pv=0x661228) [0167.550] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee8c | out: ppvObject=0x19ee8c*=0x682138) returned 0x0 [0167.550] WbemLocator:IUnknown:QueryInterface (in: This=0x682138, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee48 | out: ppvObject=0x19ee48*=0x0) returned 0x80004002 [0167.555] WbemLocator:IUnknown:QueryInterface (in: This=0x682138, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0167.559] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0167.563] WbemLocator:IUnknown:AddRef (This=0x682138) returned 0x3 [0167.563] WbemLocator:IUnknown:QueryInterface (in: This=0x682138, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e79c | out: ppvObject=0x19e79c*=0x0) returned 0x80004002 [0167.563] WbemLocator:IUnknown:QueryInterface (in: This=0x682138, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e74c | out: ppvObject=0x19e74c*=0x0) returned 0x80004002 [0167.563] WbemLocator:IUnknown:QueryInterface (in: This=0x682138, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e758 | out: ppvObject=0x19e758*=0x682094) returned 0x0 [0167.564] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682094, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e760 | out: pCid=0x19e760*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.564] WbemLocator:IUnknown:Release (This=0x682094) returned 0x3 [0167.564] CoGetContextToken (in: pToken=0x19e7b8 | out: pToken=0x19e7b8) returned 0x0 [0167.564] CoGetContextToken (in: pToken=0x19ebc0 | out: pToken=0x19ebc0) returned 0x0 [0167.564] WbemLocator:IUnknown:QueryInterface (in: This=0x682138, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec4c | out: ppvObject=0x19ec4c*=0x68211c) returned 0x0 [0167.564] WbemLocator:IRpcOptions:Query (in: This=0x68211c, pPrx=0x682138, dwProperty=2, pdwValue=0x19ec58 | out: pdwValue=0x19ec58) returned 0x80004002 [0167.564] WbemLocator:IUnknown:Release (This=0x68211c) returned 0x3 [0167.564] WbemLocator:IUnknown:Release (This=0x682138) returned 0x2 [0167.564] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0167.564] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0167.564] WbemLocator:IUnknown:QueryInterface (in: This=0x682138, riid=0x19f1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1cc | out: ppvObject=0x19f1cc*=0x65af28) returned 0x0 [0167.565] IUnknown:AddRef (This=0x65af28) returned 0x4 [0167.565] IUnknown:Release (This=0x65af28) returned 0x3 [0167.565] IUnknown:Release (This=0x65af28) returned 0x2 [0167.565] IUnknown:Release (This=0x65ae60) returned 0x2 [0167.565] SysStringLen (param_1=0x0) returned 0x0 [0167.565] IEnumWbemClassObject:Reset (This=0x65af28) returned 0x0 [0167.566] CoTaskMemAlloc (cb=0x4) returned 0x673ce0 [0167.566] IEnumWbemClassObject:Next (in: This=0x65af28, lTimeout=-1, uCount=0x1, apObjects=0x673ce0, puReturned=0x639acd8 | out: apObjects=0x673ce0*=0x61afb8, puReturned=0x639acd8*=0x1) returned 0x0 [0167.574] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x61afb8) returned 0x0 [0167.574] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0167.574] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0167.574] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0167.574] IUnknown:AddRef (This=0x61afb8) returned 0x3 [0167.574] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0167.574] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0167.574] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x61afbc) returned 0x0 [0167.574] IMarshal:GetUnmarshalClass (in: This=0x61afbc, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.575] IUnknown:Release (This=0x61afbc) returned 0x3 [0167.575] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0167.575] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0167.575] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0167.575] IUnknown:Release (This=0x61afb8) returned 0x2 [0167.575] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0167.575] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0167.575] IUnknown:QueryInterface (in: This=0x61afb8, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x61afb8) returned 0x0 [0167.575] IUnknown:AddRef (This=0x61afb8) returned 0x4 [0167.575] IUnknown:Release (This=0x61afb8) returned 0x3 [0167.575] IUnknown:Release (This=0x61afb8) returned 0x2 [0167.575] CoTaskMemFree (pv=0x673ce0) [0167.575] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0167.575] IUnknown:AddRef (This=0x61afb8) returned 0x3 [0167.575] IWbemClassObject:Get (in: This=0x61afb8, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0167.576] IWbemClassObject:Get (in: This=0x61afb8, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0167.576] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0167.576] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0167.576] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458 [0167.576] SetEvent (hEvent=0x3b4) returned 1 [0167.576] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x458, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0167.579] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0167.579] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0167.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x67d0b0) returned 0x0 [0167.579] WbemDefPath:IUnknown:AddRef (This=0x67d0b0) returned 0x3 [0167.580] WbemDefPath:IUnknown:Release (This=0x67d0b0) returned 0x2 [0167.580] WbemDefPath:IWbemPath:SetText (This=0x67d0b0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0167.580] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0167.580] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0167.580] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0167.582] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0167.582] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.583] IWbemClassObject:Get (in: This=0x61afb8, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639b570*=0, plFlavor=0x639b574*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639b570*=11, plFlavor=0x639b574*=0) returned 0x0 [0167.583] IWbemClassObject:Get (in: This=0x61afb8, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639b570*=11, plFlavor=0x639b574*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639b570*=11, plFlavor=0x639b574*=0) returned 0x0 [0167.617] IUnknown:Release (This=0x61afb8) returned 0x2 [0167.618] CoTaskMemAlloc (cb=0x4) returned 0x673da0 [0167.618] IEnumWbemClassObject:Next (in: This=0x65af28, lTimeout=-1, uCount=0x1, apObjects=0x673da0, puReturned=0x639acd8 | out: apObjects=0x673da0*=0x61b480, puReturned=0x639acd8*=0x1) returned 0x0 [0167.619] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x61b480) returned 0x0 [0167.620] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0167.620] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0167.620] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0167.620] IUnknown:AddRef (This=0x61b480) returned 0x3 [0167.620] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0167.620] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0167.620] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x61b484) returned 0x0 [0167.620] IMarshal:GetUnmarshalClass (in: This=0x61b484, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.620] IUnknown:Release (This=0x61b484) returned 0x3 [0167.620] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0167.621] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0167.621] IUnknown:QueryInterface (in: This=0x61b480, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0167.621] IUnknown:Release (This=0x61b480) returned 0x2 [0167.621] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0167.621] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0167.621] IUnknown:QueryInterface (in: This=0x61b480, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x61b480) returned 0x0 [0167.621] IUnknown:AddRef (This=0x61b480) returned 0x4 [0167.621] IUnknown:Release (This=0x61b480) returned 0x3 [0167.621] IUnknown:Release (This=0x61b480) returned 0x2 [0167.621] CoTaskMemFree (pv=0x673da0) [0167.621] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0167.621] IUnknown:AddRef (This=0x61b480) returned 0x3 [0167.621] IWbemClassObject:Get (in: This=0x61b480, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0167.621] IWbemClassObject:Get (in: This=0x61b480, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0167.621] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0167.621] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0167.622] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c [0167.622] SetEvent (hEvent=0x3b4) returned 1 [0167.622] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x45c, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0167.625] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0167.625] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0167.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x67d040) returned 0x0 [0167.625] WbemDefPath:IUnknown:AddRef (This=0x67d040) returned 0x3 [0167.625] WbemDefPath:IUnknown:Release (This=0x67d040) returned 0x2 [0167.625] WbemDefPath:IWbemPath:SetText (This=0x67d040, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0167.625] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0167.625] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0167.625] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.625] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0167.625] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0167.625] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.625] IWbemClassObject:Get (in: This=0x61b480, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c02c*=0, plFlavor=0x639c030*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c02c*=11, plFlavor=0x639c030*=0) returned 0x0 [0167.626] IWbemClassObject:Get (in: This=0x61b480, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c02c*=11, plFlavor=0x639c030*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c02c*=11, plFlavor=0x639c030*=0) returned 0x0 [0167.626] IUnknown:Release (This=0x61b480) returned 0x2 [0167.626] CoTaskMemAlloc (cb=0x4) returned 0x673c50 [0167.626] IEnumWbemClassObject:Next (in: This=0x65af28, lTimeout=-1, uCount=0x1, apObjects=0x673c50, puReturned=0x639acd8 | out: apObjects=0x673c50*=0x8f503a0, puReturned=0x639acd8*=0x1) returned 0x0 [0167.627] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x8f503a0) returned 0x0 [0167.627] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0167.627] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0167.627] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0167.628] IUnknown:AddRef (This=0x8f503a0) returned 0x3 [0167.628] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0167.628] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0167.628] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x8f503a4) returned 0x0 [0167.628] IMarshal:GetUnmarshalClass (in: This=0x8f503a4, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.628] IUnknown:Release (This=0x8f503a4) returned 0x3 [0167.628] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0167.628] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0167.628] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0167.628] IUnknown:Release (This=0x8f503a0) returned 0x2 [0167.628] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0167.628] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0167.628] IUnknown:QueryInterface (in: This=0x8f503a0, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x8f503a0) returned 0x0 [0167.628] IUnknown:AddRef (This=0x8f503a0) returned 0x4 [0167.628] IUnknown:Release (This=0x8f503a0) returned 0x3 [0167.628] IUnknown:Release (This=0x8f503a0) returned 0x2 [0167.628] CoTaskMemFree (pv=0x673c50) [0167.628] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0167.629] IUnknown:AddRef (This=0x8f503a0) returned 0x3 [0167.629] IWbemClassObject:Get (in: This=0x8f503a0, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0167.629] IWbemClassObject:Get (in: This=0x8f503a0, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0167.629] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0167.629] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0167.629] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x464 [0167.629] SetEvent (hEvent=0x3b4) returned 1 [0167.629] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x464, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0167.632] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0167.632] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0167.632] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x67d120) returned 0x0 [0167.632] WbemDefPath:IUnknown:AddRef (This=0x67d120) returned 0x3 [0167.632] WbemDefPath:IUnknown:Release (This=0x67d120) returned 0x2 [0167.632] WbemDefPath:IWbemPath:SetText (This=0x67d120, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0167.632] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0167.632] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0167.632] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.632] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0167.632] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0167.633] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.633] IWbemClassObject:Get (in: This=0x8f503a0, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c8a0*=0, plFlavor=0x639c8a4*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c8a0*=11, plFlavor=0x639c8a4*=0) returned 0x0 [0167.633] IWbemClassObject:Get (in: This=0x8f503a0, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c8a0*=11, plFlavor=0x639c8a4*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639c8a0*=11, plFlavor=0x639c8a4*=0) returned 0x0 [0167.633] IUnknown:Release (This=0x8f503a0) returned 0x2 [0167.633] CoTaskMemAlloc (cb=0x4) returned 0x673ce0 [0167.633] IEnumWbemClassObject:Next (in: This=0x65af28, lTimeout=-1, uCount=0x1, apObjects=0x673ce0, puReturned=0x639acd8 | out: apObjects=0x673ce0*=0x8f50b98, puReturned=0x639acd8*=0x1) returned 0x0 [0167.635] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x8f50b98) returned 0x0 [0167.635] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0167.635] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0167.635] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0167.636] IUnknown:AddRef (This=0x8f50b98) returned 0x3 [0167.636] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0167.636] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0167.636] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x8f50b9c) returned 0x0 [0167.636] IMarshal:GetUnmarshalClass (in: This=0x8f50b9c, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.636] IUnknown:Release (This=0x8f50b9c) returned 0x3 [0167.636] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0167.636] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0167.636] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0167.636] IUnknown:Release (This=0x8f50b98) returned 0x2 [0167.636] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0167.636] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0167.636] IUnknown:QueryInterface (in: This=0x8f50b98, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x8f50b98) returned 0x0 [0167.636] IUnknown:AddRef (This=0x8f50b98) returned 0x4 [0167.636] IUnknown:Release (This=0x8f50b98) returned 0x3 [0167.636] IUnknown:Release (This=0x8f50b98) returned 0x2 [0167.636] CoTaskMemFree (pv=0x673ce0) [0167.636] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0167.637] IUnknown:AddRef (This=0x8f50b98) returned 0x3 [0167.637] IWbemClassObject:Get (in: This=0x8f50b98, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0167.637] IWbemClassObject:Get (in: This=0x8f50b98, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0167.637] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0167.637] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0167.637] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x468 [0167.637] SetEvent (hEvent=0x3b4) returned 1 [0167.637] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x468, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0167.640] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0167.640] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0167.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x67d510) returned 0x0 [0167.640] WbemDefPath:IUnknown:AddRef (This=0x67d510) returned 0x3 [0167.640] WbemDefPath:IUnknown:Release (This=0x67d510) returned 0x2 [0167.641] WbemDefPath:IWbemPath:SetText (This=0x67d510, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0167.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0167.641] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0167.641] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0167.641] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0167.641] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.641] IWbemClassObject:Get (in: This=0x8f50b98, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639d114*=0, plFlavor=0x639d118*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639d114*=11, plFlavor=0x639d118*=0) returned 0x0 [0167.641] IWbemClassObject:Get (in: This=0x8f50b98, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639d114*=11, plFlavor=0x639d118*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639d114*=11, plFlavor=0x639d118*=0) returned 0x0 [0167.641] IUnknown:Release (This=0x8f50b98) returned 0x2 [0167.641] CoTaskMemAlloc (cb=0x4) returned 0x673c50 [0167.641] IEnumWbemClassObject:Next (in: This=0x65af28, lTimeout=-1, uCount=0x1, apObjects=0x673c50, puReturned=0x639acd8 | out: apObjects=0x673c50*=0x8f50070, puReturned=0x639acd8*=0x1) returned 0x0 [0167.643] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x8f50070) returned 0x0 [0167.643] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0167.643] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0167.643] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0167.644] IUnknown:AddRef (This=0x8f50070) returned 0x3 [0167.644] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0167.644] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0167.644] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x8f50074) returned 0x0 [0167.644] IMarshal:GetUnmarshalClass (in: This=0x8f50074, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0167.644] IUnknown:Release (This=0x8f50074) returned 0x3 [0167.644] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0167.644] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0167.644] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0167.644] IUnknown:Release (This=0x8f50070) returned 0x2 [0167.644] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0167.644] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0167.644] IUnknown:QueryInterface (in: This=0x8f50070, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x8f50070) returned 0x0 [0167.644] IUnknown:AddRef (This=0x8f50070) returned 0x4 [0167.644] IUnknown:Release (This=0x8f50070) returned 0x3 [0167.644] IUnknown:Release (This=0x8f50070) returned 0x2 [0167.644] CoTaskMemFree (pv=0x673c50) [0167.645] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0167.645] IUnknown:AddRef (This=0x8f50070) returned 0x3 [0167.645] IWbemClassObject:Get (in: This=0x8f50070, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0167.645] IWbemClassObject:Get (in: This=0x8f50070, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0167.645] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x7a [0167.645] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x7a [0167.645] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x46c [0167.645] SetEvent (hEvent=0x3b4) returned 1 [0167.646] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x46c, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0167.649] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0167.649] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0167.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x67d190) returned 0x0 [0167.649] WbemDefPath:IUnknown:AddRef (This=0x67d190) returned 0x3 [0167.650] WbemDefPath:IUnknown:Release (This=0x67d190) returned 0x2 [0167.650] WbemDefPath:IWbemPath:SetText (This=0x67d190, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x0 [0167.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0167.650] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0167.650] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0167.650] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0167.650] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.650] IWbemClassObject:Get (in: This=0x8f50070, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639d988*=0, plFlavor=0x639d98c*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x639d988*=11, plFlavor=0x639d98c*=0) returned 0x0 [0167.650] IWbemClassObject:Get (in: This=0x8f50070, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639d988*=11, plFlavor=0x639d98c*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x639d988*=11, plFlavor=0x639d98c*=0) returned 0x0 [0167.652] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0167.652] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0167.652] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.652] IWbemClassObject:Get (in: This=0x8f50070, wszName="MacAddress", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639da24*=0, plFlavor=0x639da28*=0 | out: pVal=0x19f3e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:09:6F:78:F0:0A", varVal2=0x0), pType=0x639da24*=8, plFlavor=0x639da28*=0) returned 0x0 [0167.652] SysStringByteLen (bstr="00:09:6F:78:F0:0A") returned 0x22 [0167.652] SysStringByteLen (bstr="00:09:6F:78:F0:0A") returned 0x22 [0167.652] IWbemClassObject:Get (in: This=0x8f50070, wszName="MacAddress", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x639da24*=8, plFlavor=0x639da28*=0 | out: pVal=0x19f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:09:6F:78:F0:0A", varVal2=0x0), pType=0x639da24*=8, plFlavor=0x639da28*=0) returned 0x0 [0167.652] SysStringByteLen (bstr="00:09:6F:78:F0:0A") returned 0x22 [0167.652] SysStringByteLen (bstr="00:09:6F:78:F0:0A") returned 0x22 [0167.652] IUnknown:Release (This=0x8f50070) returned 0x2 [0167.653] CoTaskMemAlloc (cb=0x4) returned 0x673ce0 [0167.653] IEnumWbemClassObject:Next (in: This=0x65af28, lTimeout=-1, uCount=0x1, apObjects=0x673ce0, puReturned=0x639acd8 | out: apObjects=0x673ce0*=0x0, puReturned=0x639acd8*=0x0) returned 0x1 [0167.654] CoTaskMemFree (pv=0x673ce0) [0167.655] CoGetContextToken (in: pToken=0x19f318 | out: pToken=0x19f318) returned 0x0 [0167.655] WbemLocator:IUnknown:Release (This=0x682138) returned 0x1 [0167.655] IUnknown:Release (This=0x65af28) returned 0x0 [0167.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", nBufferLength=0x105, lpBuffer=0x19eef4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe", lpFilePart=0x0) returned 0x38 [0167.675] GetEnvironmentVariableW (in: lpName="%startupfolder%", lpBuffer=0x19f354, nSize=0x80 | out: lpBuffer="") returned 0x0 [0167.697] GetUserNameW (in: lpBuffer=0x19f254, pcbBuffer=0x639ea38 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x639ea38) returned 1 [0167.710] GetComputerNameW (in: lpBuffer=0x19f254, nSize=0x639eeb4 | out: lpBuffer="XC64ZB", nSize=0x639eeb4) returned 1 [0167.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", nBufferLength=0x105, lpBuffer=0x19ee60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", lpFilePart=0x0) returned 0x3f [0167.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0167.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ed7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0167.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ede0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0167.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f288) returned 1 [0167.733] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f304 | out: lpFileInformation=0x19f304*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0167.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f284) returned 1 [0167.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0167.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f264) returned 1 [0167.734] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x474 [0167.734] GetFileType (hFile=0x474) returned 0x1 [0167.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0167.734] GetFileType (hFile=0x474) returned 0x1 [0167.737] GetFileSize (in: hFile=0x474, lpFileSizeHigh=0x19f290 | out: lpFileSizeHigh=0x19f290*=0x0) returned 0x8c8f [0167.738] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f24c, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f24c*=0x1000, lpOverlapped=0x0) returned 1 [0167.740] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f200, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f200*=0x1000, lpOverlapped=0x0) returned 1 [0167.741] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0167.741] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0167.741] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0167.741] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0167.741] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f1fc, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f1fc*=0x1000, lpOverlapped=0x0) returned 1 [0167.742] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0167.742] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f17c*=0xc8f, lpOverlapped=0x0) returned 1 [0167.742] ReadFile (in: hFile=0x474, lpBuffer=0x63a026c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f224, lpOverlapped=0x0 | out: lpBuffer=0x63a026c*, lpNumberOfBytesRead=0x19f224*=0x0, lpOverlapped=0x0) returned 1 [0167.742] CloseHandle (hObject=0x474) returned 1 [0167.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", lpFilePart=0x0) returned 0x3f [0167.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", nBufferLength=0x105, lpBuffer=0x19eddc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", lpFilePart=0x0) returned 0x3f [0167.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0167.743] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ca8931, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ca8931, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ca8931, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0167.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0167.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config", lpFilePart=0x0) returned 0x3f [0167.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f260) returned 1 [0167.743] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\cvtres.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x474 [0167.743] GetFileType (hFile=0x474) returned 0x1 [0167.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f25c) returned 1 [0167.743] GetFileType (hFile=0x474) returned 0x1 [0167.744] GetFileSize (in: hFile=0x474, lpFileSizeHigh=0x19f28c | out: lpFileSizeHigh=0x19f28c*=0x0) returned 0x119 [0167.744] ReadFile (in: hFile=0x474, lpBuffer=0x63a6c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f248, lpOverlapped=0x0 | out: lpBuffer=0x63a6c9c*, lpNumberOfBytesRead=0x19f248*=0x119, lpOverlapped=0x0) returned 1 [0167.745] ReadFile (in: hFile=0x474, lpBuffer=0x63a6c9c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x63a6c9c*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0167.745] CloseHandle (hObject=0x474) returned 1 [0167.869] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f400 | out: UnbiasedTime=0x19f400) returned 1 [0167.881] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3f0 | out: UnbiasedTime=0x19f3f0) returned 1 [0167.881] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f420 | out: UnbiasedTime=0x19f420) returned 1 [0167.881] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f410 | out: UnbiasedTime=0x19f410) returned 1 [0168.020] CoTaskMemAlloc (cb=0x20c) returned 0x69e4b0 [0168.020] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x69e4b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0168.023] CoTaskMemFree (pv=0x69e4b0) [0168.023] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0168.025] CoTaskMemAlloc (cb=0x20c) returned 0x69e4b0 [0168.025] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x69e4b0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0168.025] CoTaskMemFree (pv=0x69e4b0) [0168.025] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0168.634] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0168.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0168.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0168.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0168.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.637] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.637] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0168.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.637] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.637] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0168.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.637] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0168.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0168.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0168.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.639] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0168.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.639] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.639] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0168.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.639] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0168.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0168.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0168.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0168.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0168.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.642] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0168.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.642] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3e [0168.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.642] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0168.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0168.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x41 [0168.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.644] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x33 [0168.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.644] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0168.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0168.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0168.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.646] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0168.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0168.646] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0168.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0168.670] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0c0 | out: phkResult=0x19f0c0*=0x0) returned 0x2 [0168.672] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0c0 | out: phkResult=0x19f0c0*=0x0) returned 0x2 [0168.674] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0c0 | out: phkResult=0x19f0c0*=0x0) returned 0x2 [0168.676] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0c0 | out: phkResult=0x19f0c0*=0x4b4) returned 0x0 [0168.677] RegQueryInfoKeyW (in: hKey=0x4b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f0e8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f0e4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f0e8*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f0e4*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0168.677] RegEnumKeyExW (in: hKey=0x4b4, dwIndex=0x0, lpName=0x63b96f0, lpcchName=0x19f104, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x19f104, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0168.677] RegEnumKeyExW (in: hKey=0x4b4, dwIndex=0x1, lpName=0x63b96f0, lpcchName=0x19f104, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x19f104, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0168.677] RegEnumKeyExW (in: hKey=0x4b4, dwIndex=0x2, lpName=0x63b96f0, lpcchName=0x19f104, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x19f104, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0168.678] RegOpenKeyExW (in: hKey=0x4b4, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0c0 | out: phkResult=0x19f0c0*=0x4b8) returned 0x0 [0168.679] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.680] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.682] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.683] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.683] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.683] RegCloseKey (hKey=0x4b8) returned 0x0 [0168.683] RegOpenKeyExW (in: hKey=0x4b4, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0c0 | out: phkResult=0x19f0c0*=0x4b8) returned 0x0 [0168.683] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x1, lpData=0x0, lpcbData=0x19f0dc*=0x1e) returned 0x0 [0168.683] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f0e0, lpData=0x63b9ce4, lpcbData=0x19f0dc*=0x1e | out: lpType=0x19f0e0*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f0dc*=0x1e) returned 0x0 [0168.683] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x3, lpData=0x0, lpcbData=0x19f0dc*=0x121) returned 0x0 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x63b9d3c, lpcbData=0x19f0dc*=0x121 | out: lpType=0x19f0e0*=0x3, lpData=0x63b9d3c*, lpcbData=0x19f0dc*=0x121) returned 0x0 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x3, lpData=0x0, lpcbData=0x19f0dc*=0x121) returned 0x0 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x63b9ea0, lpcbData=0x19f0dc*=0x121 | out: lpType=0x19f0e0*=0x3, lpData=0x63b9ea0*, lpcbData=0x19f0dc*=0x121) returned 0x0 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x3, lpData=0x0, lpcbData=0x19f0dc*=0x121) returned 0x0 [0168.684] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x63b9fd0, lpcbData=0x19f0dc*=0x121 | out: lpType=0x19f0e0*=0x3, lpData=0x63b9fd0*, lpcbData=0x19f0dc*=0x121) returned 0x0 [0170.362] CryptUnprotectData (in: pDataIn=0x19f0c8, ppszDataDescr=0x0, pOptionalEntropy=0x19f0c0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f0d0 | out: ppszDataDescr=0x0, pDataOut=0x19f0d0) returned 1 [0170.783] LocalFree (hMem=0x64e4a8) returned 0x0 [0170.802] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0170.802] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0170.802] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x1, lpData=0x0, lpcbData=0x19f0dc*=0x1e) returned 0x0 [0170.802] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f0e0, lpData=0x63ba300, lpcbData=0x19f0dc*=0x1e | out: lpType=0x19f0e0*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f0dc*=0x1e) returned 0x0 [0170.805] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x1, lpData=0x0, lpcbData=0x19f0dc*=0x1c) returned 0x0 [0170.805] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f0e0, lpData=0x63ba37c, lpcbData=0x19f0dc*=0x1c | out: lpType=0x19f0e0*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f0dc*=0x1c) returned 0x0 [0170.805] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x1, lpData=0x0, lpcbData=0x19f0dc*=0x1c) returned 0x0 [0170.805] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f0e0, lpData=0x63ba3cc, lpcbData=0x19f0dc*=0x1c | out: lpType=0x19f0e0*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f0dc*=0x1c) returned 0x0 [0170.817] RegCloseKey (hKey=0x4b8) returned 0x0 [0170.817] RegOpenKeyExW (in: hKey=0x4b4, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0c0 | out: phkResult=0x19f0c0*=0x4b8) returned 0x0 [0170.817] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0170.817] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0170.817] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0170.817] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0170.817] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f0e0, lpData=0x0, lpcbData=0x19f0dc*=0x0 | out: lpType=0x19f0e0*=0x0, lpData=0x0, lpcbData=0x19f0dc*=0x0) returned 0x2 [0170.817] RegCloseKey (hKey=0x4b8) returned 0x0 [0170.831] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x19d848, nSize=0x80 | out: lpBuffer="") returned 0x25 [0171.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0171.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0171.081] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0171.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0171.349] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0171.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0171.350] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0171.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0171.360] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0171.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0171.360] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0171.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0171.363] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0171.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0171.363] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0171.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0171.368] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x19efe8, nSize=0x80 | out: lpBuffer="") returned 0x25 [0171.369] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x19ebfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2e [0171.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0a0) returned 1 [0171.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x19f11c | out: lpFileInformation=0x19f11c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f09c) returned 1 [0171.370] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0171.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0171.370] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0171.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0171.372] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0171.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0171.372] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0171.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0171.990] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x19efc4, nSize=0x80 | out: lpBuffer="") returned 0x25 [0171.990] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x19ebe0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x3b [0171.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f088) returned 1 [0171.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f104 | out: lpFileInformation=0x19f104*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f084) returned 1 [0172.346] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efb4 | out: phkResult=0x19efb4*=0x0) returned 0x2 [0172.423] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efb4 | out: phkResult=0x19efb4*=0x0) returned 0x2 [0172.423] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x19ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb [0172.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef7c) returned 1 [0172.423] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x19eff8 | out: lpFileInformation=0x19eff8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef78) returned 1 [0172.425] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x19ead8, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8 [0172.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef7c) returned 1 [0172.425] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19eff8 | out: lpFileInformation=0x19eff8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef78) returned 1 [0172.425] CoTaskMemAlloc (cb=0x20c) returned 0x8f55868 [0172.425] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x8f55868 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0172.425] CoTaskMemFree (pv=0x8f55868) [0172.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ea4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0172.426] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4c [0172.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef7c) returned 1 [0172.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19eff8 | out: lpFileInformation=0x19eff8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef78) returned 1 [0172.426] CoTaskMemAlloc (cb=0x20c) returned 0x8f55868 [0172.426] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x8f55868 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0172.427] CoTaskMemFree (pv=0x8f55868) [0172.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ea4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0172.427] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19ead8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x52 [0172.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef7c) returned 1 [0172.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19eff8 | out: lpFileInformation=0x19eff8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef78) returned 1 [0172.428] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0172.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0172.429] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0172.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0172.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0172.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0172.431] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0172.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0172.446] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0172.446] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0172.446] CoTaskMemFree (pv=0x69d8a8) [0172.446] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0172.447] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x19ea18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0172.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eebc) returned 1 [0172.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19ef38 | out: lpFileInformation=0x19ef38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb8) returned 1 [0173.084] VaultEnumerateVaults () returned 0x0 [0173.210] VaultOpenVault () returned 0x0 [0173.214] VaultEnumerateItems () returned 0x0 [0173.214] VaultOpenVault () returned 0x0 [0173.215] VaultEnumerateItems () returned 0x0 [0173.226] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.226] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0173.226] CoTaskMemFree (pv=0x69d8a8) [0173.226] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eb8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0173.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f138) returned 1 [0173.228] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x19ebf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0173.229] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\*"), lpFindFileData=0x19ee60 | out: lpFindFileData=0x19ee60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0173.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0fc) returned 1 [0173.234] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0173.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.234] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.237] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0173.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.237] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.247] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19ea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x40 [0173.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efd0) returned 1 [0173.247] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d690) returned 1 [0173.345] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.345] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0173.346] CoTaskMemFree (pv=0x69d8a8) [0173.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0173.348] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.348] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0173.348] CoTaskMemFree (pv=0x69d8a8) [0173.348] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0173.351] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x19ec10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2f [0173.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0b4) returned 1 [0173.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x19f130 | out: lpFileInformation=0x19f130*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0b0) returned 1 [0173.369] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.369] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0173.369] CoTaskMemFree (pv=0x69d8a8) [0173.369] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eb48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0173.371] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eaa8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x40 [0173.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe0) returned 1 [0173.372] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6a0) returned 1 [0173.376] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0173.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.376] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.380] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0173.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.380] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.384] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0173.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.385] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.389] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0173.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.389] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.402] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.402] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0173.402] CoTaskMemFree (pv=0x69d8a8) [0173.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eb70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0173.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x19ec08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x48 [0173.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0b0) returned 1 [0173.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f12c | out: lpFileInformation=0x19f12c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0ac) returned 1 [0173.429] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.429] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0173.429] CoTaskMemFree (pv=0x69d8a8) [0173.429] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eab0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0173.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x19eb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x30 [0173.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe4) returned 1 [0173.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x19f060 | out: lpFileInformation=0x19f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efe0) returned 1 [0173.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x19eb48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x38 [0173.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff0) returned 1 [0173.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x19f06c | out: lpFileInformation=0x19f06c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efec) returned 1 [0173.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0173.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.434] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.437] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0173.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.438] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.441] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0173.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.442] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0173.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.445] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.449] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.449] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0173.451] CoTaskMemFree (pv=0x69d8a8) [0173.451] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x19eb98, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0173.452] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.452] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0173.453] CoTaskMemFree (pv=0x69d8a8) [0173.453] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eb98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0173.530] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x19ec00, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e [0173.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0a8) returned 1 [0173.530] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f124 | out: lpFileInformation=0x19f124*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0a4) returned 1 [0173.543] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0e4 | out: phkResult=0x19f0e4*=0x0) returned 0x2 [0173.544] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x19ec08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Folder.lst", lpFilePart=0x0) returned 0x28 [0173.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0b0) returned 1 [0173.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Folder.lst" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x19f12c | out: lpFileInformation=0x19f12c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0ac) returned 1 [0173.545] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0173.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.545] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.547] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0173.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.547] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.549] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.549] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0173.549] CoTaskMemFree (pv=0x69d8a8) [0173.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ebb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0173.550] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x19ec48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x3b [0173.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0f0) returned 1 [0173.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x19f16c | out: lpFileInformation=0x19f16c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0ec) returned 1 [0173.554] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0fc | out: phkResult=0x19f0fc*=0x0) returned 0x2 [0173.954] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.954] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0173.954] CoTaskMemFree (pv=0x69d8a8) [0173.954] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0173.958] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19ebc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x3c [0173.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f064) returned 1 [0173.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f0e0 | out: lpFileInformation=0x19f0e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f060) returned 1 [0173.965] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.965] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0173.965] CoTaskMemFree (pv=0x69d8a8) [0173.965] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0173.965] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19ec04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0173.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0a8) returned 1 [0173.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f124 | out: lpFileInformation=0x19f124*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0a4) returned 1 [0173.966] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x19ec0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x58 [0173.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0b4) returned 1 [0173.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x19f130 | out: lpFileInformation=0x19f130*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0b0) returned 1 [0173.970] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f10c | out: phkResult=0x19f10c*=0x0) returned 0x2 [0173.974] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0173.975] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0173.975] CoTaskMemFree (pv=0x69d8a8) [0173.975] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eb70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0173.975] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x19ec08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x44 [0173.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0b0) returned 1 [0173.975] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f12c | out: lpFileInformation=0x19f12c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0173.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0ac) returned 1 [0173.976] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0173.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.976] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.983] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0173.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0173.983] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0173.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d6c0) returned 1 [0173.990] GetUserNameW (in: lpBuffer=0x19f1bc, pcbBuffer=0x63ea7f8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x63ea7f8) returned 1 [0173.992] GetComputerNameW (in: lpBuffer=0x19f1bc, nSize=0x63eacc0 | out: lpBuffer="XC64ZB", nSize=0x63eacc0) returned 1 [0173.999] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19f230 | out: lpTimeZoneInformation=0x19f230) returned 0x2 [0174.001] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19f08c | out: pTimeZoneInformation=0x19f08c) returned 0x2 [0174.002] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f170 | out: phkResult=0x19f170*=0x4e0) returned 0x0 [0174.003] RegQueryValueExW (in: hKey=0x4e0, lpValueName="TZI", lpReserved=0x0, lpType=0x19f18c, lpData=0x0, lpcbData=0x19f188*=0x0 | out: lpType=0x19f18c*=0x3, lpData=0x0, lpcbData=0x19f188*=0x2c) returned 0x0 [0174.004] RegQueryValueExW (in: hKey=0x4e0, lpValueName="TZI", lpReserved=0x0, lpType=0x19f18c, lpData=0x63eb968, lpcbData=0x19f188*=0x2c | out: lpType=0x19f18c*=0x3, lpData=0x63eb968*, lpcbData=0x19f188*=0x2c) returned 0x0 [0174.005] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efc4 | out: phkResult=0x19efc4*=0x0) returned 0x2 [0174.005] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f164, lpData=0x0, lpcbData=0x19f160*=0x0 | out: lpType=0x19f164*=0x1, lpData=0x0, lpcbData=0x19f160*=0x20) returned 0x0 [0174.005] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f164, lpData=0x63ebd8c, lpcbData=0x19f160*=0x20 | out: lpType=0x19f164*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19f160*=0x20) returned 0x0 [0174.005] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f164, lpData=0x0, lpcbData=0x19f160*=0x0 | out: lpType=0x19f164*=0x1, lpData=0x0, lpcbData=0x19f160*=0x20) returned 0x0 [0174.005] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f164, lpData=0x63ebde4, lpcbData=0x19f160*=0x20 | out: lpType=0x19f164*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19f160*=0x20) returned 0x0 [0174.005] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f164, lpData=0x0, lpcbData=0x19f160*=0x0 | out: lpType=0x19f164*=0x1, lpData=0x0, lpcbData=0x19f160*=0x20) returned 0x0 [0174.005] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f164, lpData=0x63ebe3c, lpcbData=0x19f160*=0x20 | out: lpType=0x19f164*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19f160*=0x20) returned 0x0 [0174.005] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0174.005] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0174.006] CoTaskMemFree (pv=0x69d8a8) [0174.007] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0174.007] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f180, pwszFileMUIPath=0x69d8a8, pcchFileMUIPath=0x19f184, pululEnumerator=0x19f178 | out: pwszLanguage=0x0, pcchLanguage=0x19f180, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f184, pululEnumerator=0x19f178) returned 1 [0174.062] CoTaskMemFree (pv=0x0) [0174.062] CoTaskMemFree (pv=0x69d8a8) [0174.062] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x92b0001 [0174.142] CoTaskMemAlloc (cb=0x3ec) returned 0x8f55868 [0174.142] LoadStringW (in: hInstance=0x92b0001, uID=0x140, lpBuffer=0x8f55868, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0174.143] CoTaskMemFree (pv=0x8f55868) [0174.143] FreeLibrary (hLibModule=0x92b0001) returned 1 [0174.144] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0174.144] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0174.144] CoTaskMemFree (pv=0x69d8a8) [0174.144] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0174.144] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f180, pwszFileMUIPath=0x69d8a8, pcchFileMUIPath=0x19f184, pululEnumerator=0x19f178 | out: pwszLanguage=0x0, pcchLanguage=0x19f180, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f184, pululEnumerator=0x19f178) returned 1 [0174.146] CoTaskMemFree (pv=0x0) [0174.146] CoTaskMemFree (pv=0x69d8a8) [0174.146] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x92b0001 [0174.149] CoTaskMemAlloc (cb=0x3ec) returned 0x8f55868 [0174.149] LoadStringW (in: hInstance=0x92b0001, uID=0x142, lpBuffer=0x8f55868, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0174.149] CoTaskMemFree (pv=0x8f55868) [0174.149] FreeLibrary (hLibModule=0x92b0001) returned 1 [0174.150] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0174.150] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x69d8a8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0174.150] CoTaskMemFree (pv=0x69d8a8) [0174.150] CoTaskMemAlloc (cb=0x20c) returned 0x69d8a8 [0174.151] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f180, pwszFileMUIPath=0x69d8a8, pcchFileMUIPath=0x19f184, pululEnumerator=0x19f178 | out: pwszLanguage=0x0, pcchLanguage=0x19f180, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f184, pululEnumerator=0x19f178) returned 1 [0174.153] CoTaskMemFree (pv=0x0) [0174.153] CoTaskMemFree (pv=0x69d8a8) [0174.153] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x92b0001 [0174.156] CoTaskMemAlloc (cb=0x3ec) returned 0x8f55868 [0174.156] LoadStringW (in: hInstance=0x92b0001, uID=0x141, lpBuffer=0x8f55868, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0174.157] CoTaskMemFree (pv=0x8f55868) [0174.157] FreeLibrary (hLibModule=0x92b0001) returned 1 [0174.158] RegCloseKey (hKey=0x4e0) returned 0x0 [0174.338] GetUserNameW (in: lpBuffer=0x19f1ac, pcbBuffer=0x63f2a24 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x63f2a24) returned 1 [0174.340] GetComputerNameW (in: lpBuffer=0x19f1ac, nSize=0x63f2ebc | out: lpBuffer="XC64ZB", nSize=0x63f2ebc) returned 1 [0174.362] SetEvent (hEvent=0x3b4) returned 1 [0174.362] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f32c*=0x4e0, lpdwindex=0x19f14c | out: lpdwindex=0x19f14c) returned 0x0 [0174.366] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0174.366] CoGetContextToken (in: pToken=0x19f158 | out: pToken=0x19f158) returned 0x0 [0174.366] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x19f228*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x67d200) returned 0x0 [0174.366] WbemDefPath:IUnknown:AddRef (This=0x67d200) returned 0x3 [0174.366] WbemDefPath:IUnknown:Release (This=0x67d200) returned 0x2 [0174.367] WbemDefPath:IWbemPath:SetText (This=0x67d200, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0174.367] WbemDefPath:IWbemPath:GetInfo (in: This=0x67d200, uRequestedInfo=0x0, puResponse=0x19f3d8 | out: puResponse=0x19f3d8*=0xc15) returned 0x0 [0174.367] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67d200, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x0) returned 0x0 [0174.368] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x2) returned 0x0 [0174.368] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f3a4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a4*=0xf, pszText=0x0) returned 0x0 [0174.368] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f3a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.380] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f240*=0x4f4, lpdwindex=0x19f0f4 | out: lpdwindex=0x19f0f4) returned 0x0 [0174.441] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0174.441] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0174.441] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef7da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef84 | out: ppvObject=0x19ef84*=0x5dfaf8) returned 0x0 [0174.441] CObjectContext::ContextCallback () returned 0x0 [0174.442] IUnknown:Release (This=0x5dfaf8) returned 0x1 [0174.443] CoUnmarshalInterface (in: pStm=0x685c58, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff4 | out: ppv=0x19eff4*=0x681838) returned 0x0 [0174.443] CoMarshalInterface (pStm=0x685c58, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x681838, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0174.443] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x681838) returned 0x0 [0174.443] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee50 | out: ppvObject=0x19ee50*=0x0) returned 0x80004002 [0174.444] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x0) returned 0x80004002 [0174.444] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea44 | out: ppvObject=0x19ea44*=0x0) returned 0x80004002 [0174.445] WbemLocator:IUnknown:AddRef (This=0x681838) returned 0x3 [0174.445] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0174.445] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0174.445] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x681794) returned 0x0 [0174.445] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x681794, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.445] WbemLocator:IUnknown:Release (This=0x681794) returned 0x3 [0174.445] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0174.445] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0174.445] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x68181c) returned 0x0 [0174.445] WbemLocator:IRpcOptions:Query (in: This=0x68181c, pPrx=0x681838, dwProperty=2, pdwValue=0x19ec60 | out: pdwValue=0x19ec60) returned 0x0 [0174.445] WbemLocator:IUnknown:Release (This=0x68181c) returned 0x3 [0174.446] WbemLocator:IUnknown:Release (This=0x681838) returned 0x2 [0174.446] WbemLocator:IUnknown:Release (This=0x681838) returned 0x1 [0174.446] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0174.446] WbemLocator:IUnknown:AddRef (This=0x681838) returned 0x2 [0174.446] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x681814) returned 0x0 [0174.446] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x681814, pProxy=0x681838, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0174.446] WbemLocator:IUnknown:Release (This=0x681814) returned 0x2 [0174.446] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x681838) returned 0x0 [0174.446] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x681814) returned 0x0 [0174.446] WbemLocator:IClientSecurity:SetBlanket (This=0x681814, pProxy=0x681838, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.446] WbemLocator:IUnknown:Release (This=0x681814) returned 0x3 [0174.446] WbemLocator:IUnknown:Release (This=0x681838) returned 0x2 [0174.447] CoTaskMemFree (pv=0x661498) [0174.447] WbemLocator:IUnknown:Release (This=0x681838) returned 0x1 [0174.447] SysStringLen (param_1=0x0) returned 0x0 [0174.447] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0174.447] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0174.447] WbemLocator:IUnknown:QueryInterface (in: This=0x681838, riid=0x19f1e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x67e310) returned 0x0 [0174.447] WbemLocator:IUnknown:AddRef (This=0x67e310) returned 0x3 [0174.447] WbemLocator:IUnknown:Release (This=0x67e310) returned 0x2 [0174.447] CoGetContextToken (in: pToken=0x19f178 | out: pToken=0x19f178) returned 0x0 [0174.448] WbemLocator:IUnknown:AddRef (This=0x67e310) returned 0x3 [0174.448] WbemLocator:IUnknown:QueryInterface (in: This=0x67e310, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x681814) returned 0x0 [0174.448] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x681814, pProxy=0x67e310, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0174.448] WbemLocator:IUnknown:Release (This=0x681814) returned 0x3 [0174.448] WbemLocator:IUnknown:QueryInterface (in: This=0x67e310, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x681838) returned 0x0 [0174.448] WbemLocator:IUnknown:QueryInterface (in: This=0x67e310, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x681814) returned 0x0 [0174.448] WbemLocator:IClientSecurity:SetBlanket (This=0x681814, pProxy=0x67e310, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.448] WbemLocator:IUnknown:Release (This=0x681814) returned 0x4 [0174.448] WbemLocator:IUnknown:Release (This=0x681838) returned 0x3 [0174.448] CoTaskMemFree (pv=0x661288) [0174.449] WbemLocator:IUnknown:Release (This=0x67e310) returned 0x2 [0174.449] SysStringLen (param_1=0x0) returned 0x0 [0174.449] CoGetContextToken (in: pToken=0x19f0f0 | out: pToken=0x19f0f0) returned 0x0 [0174.449] WbemLocator:IUnknown:AddRef (This=0x67e310) returned 0x3 [0174.449] IWbemServices:ExecQuery (in: This=0x67e310, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x19f308 | out: ppEnum=0x19f308*=0x65b310) returned 0x0 [0174.536] IUnknown:QueryInterface (in: This=0x65b310, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f158 | out: ppvObject=0x19f158*=0x65b314) returned 0x0 [0174.536] IClientSecurity:QueryBlanket (in: This=0x65b314, pProxy=0x65b310, pAuthnSvc=0x19f1a8, pAuthzSvc=0x19f1a4, pServerPrincName=0x19f19c, pAuthnLevel=0x19f1a0, pImpLevel=0x19f190, pAuthInfo=0x19f194, pCapabilites=0x19f198 | out: pAuthnSvc=0x19f1a8*=0xa, pAuthzSvc=0x19f1a4*=0x0, pServerPrincName=0x19f19c, pAuthnLevel=0x19f1a0*=0x6, pImpLevel=0x19f190*=0x2, pAuthInfo=0x19f194, pCapabilites=0x19f198*=0x1) returned 0x0 [0174.536] IUnknown:Release (This=0x65b314) returned 0x1 [0174.536] IUnknown:QueryInterface (in: This=0x65b310, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f14c | out: ppvObject=0x19f14c*=0x682a38) returned 0x0 [0174.537] IUnknown:QueryInterface (in: This=0x65b310, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f138 | out: ppvObject=0x19f138*=0x65b314) returned 0x0 [0174.537] IClientSecurity:SetBlanket (This=0x65b314, pProxy=0x65b310, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.539] IUnknown:Release (This=0x65b314) returned 0x2 [0174.539] WbemLocator:IUnknown:Release (This=0x682a38) returned 0x1 [0174.539] CoTaskMemFree (pv=0x6611f8) [0174.539] IUnknown:QueryInterface (in: This=0x65b310, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed44 | out: ppvObject=0x19ed44*=0x682a38) returned 0x0 [0174.540] WbemLocator:IUnknown:QueryInterface (in: This=0x682a38, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed00 | out: ppvObject=0x19ed00*=0x0) returned 0x80004002 [0174.540] WbemLocator:IUnknown:QueryInterface (in: This=0x682a38, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb1c | out: ppvObject=0x19eb1c*=0x0) returned 0x80004002 [0174.541] IUnknown:QueryInterface (in: This=0x65b310, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0174.542] WbemLocator:IUnknown:AddRef (This=0x682a38) returned 0x3 [0174.542] WbemLocator:IUnknown:QueryInterface (in: This=0x682a38, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e654 | out: ppvObject=0x19e654*=0x0) returned 0x80004002 [0174.542] WbemLocator:IUnknown:QueryInterface (in: This=0x682a38, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0174.542] WbemLocator:IUnknown:QueryInterface (in: This=0x682a38, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x682994) returned 0x0 [0174.542] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682994, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e618 | out: pCid=0x19e618*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.542] WbemLocator:IUnknown:Release (This=0x682994) returned 0x3 [0174.542] CoGetContextToken (in: pToken=0x19e670 | out: pToken=0x19e670) returned 0x0 [0174.542] CoGetContextToken (in: pToken=0x19ea78 | out: pToken=0x19ea78) returned 0x0 [0174.542] WbemLocator:IUnknown:QueryInterface (in: This=0x682a38, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb04 | out: ppvObject=0x19eb04*=0x682a1c) returned 0x0 [0174.543] WbemLocator:IRpcOptions:Query (in: This=0x682a1c, pPrx=0x682a38, dwProperty=2, pdwValue=0x19eb10 | out: pdwValue=0x19eb10) returned 0x80004002 [0174.543] WbemLocator:IUnknown:Release (This=0x682a1c) returned 0x3 [0174.543] WbemLocator:IUnknown:Release (This=0x682a38) returned 0x2 [0174.543] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0174.543] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0174.543] WbemLocator:IUnknown:QueryInterface (in: This=0x682a38, riid=0x19f088*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x65b310) returned 0x0 [0174.543] IUnknown:AddRef (This=0x65b310) returned 0x4 [0174.543] IUnknown:Release (This=0x65b310) returned 0x3 [0174.543] IUnknown:Release (This=0x65b310) returned 0x2 [0174.543] WbemLocator:IUnknown:Release (This=0x67e310) returned 0x2 [0174.543] SysStringLen (param_1=0x0) returned 0x0 [0174.543] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f354 | out: puCount=0x19f354*=0x2) returned 0x0 [0174.543] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f350*=0x0, pszText=0x0 | out: puBuffLength=0x19f350*=0xf, pszText=0x0) returned 0x0 [0174.543] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f350*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f350*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.543] CoGetContextToken (in: pToken=0x19f190 | out: pToken=0x19f190) returned 0x0 [0174.543] IUnknown:AddRef (This=0x65b310) returned 0x3 [0174.543] IEnumWbemClassObject:Clone (in: This=0x65b310, ppEnum=0x19f350 | out: ppEnum=0x19f350*=0x65b3d8) returned 0x0 [0174.545] IUnknown:QueryInterface (in: This=0x65b3d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f20c | out: ppvObject=0x19f20c*=0x65b3dc) returned 0x0 [0174.545] IClientSecurity:QueryBlanket (in: This=0x65b3dc, pProxy=0x65b3d8, pAuthnSvc=0x19f25c, pAuthzSvc=0x19f258, pServerPrincName=0x19f250, pAuthnLevel=0x19f254, pImpLevel=0x19f244, pAuthInfo=0x19f248, pCapabilites=0x19f24c | out: pAuthnSvc=0x19f25c*=0xa, pAuthzSvc=0x19f258*=0x0, pServerPrincName=0x19f250, pAuthnLevel=0x19f254*=0x6, pImpLevel=0x19f244*=0x2, pAuthInfo=0x19f248, pCapabilites=0x19f24c*=0x1) returned 0x0 [0174.545] IUnknown:Release (This=0x65b3dc) returned 0x1 [0174.545] IUnknown:QueryInterface (in: This=0x65b3d8, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x682b38) returned 0x0 [0174.545] IUnknown:QueryInterface (in: This=0x65b3d8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x65b3dc) returned 0x0 [0174.545] IClientSecurity:SetBlanket (This=0x65b3dc, pProxy=0x65b3d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.548] IUnknown:Release (This=0x65b3dc) returned 0x2 [0174.548] WbemLocator:IUnknown:Release (This=0x682b38) returned 0x1 [0174.548] CoTaskMemFree (pv=0x6611f8) [0174.548] IUnknown:QueryInterface (in: This=0x65b3d8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ede8 | out: ppvObject=0x19ede8*=0x682b38) returned 0x0 [0174.548] WbemLocator:IUnknown:QueryInterface (in: This=0x682b38, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x0) returned 0x80004002 [0174.549] WbemLocator:IUnknown:QueryInterface (in: This=0x682b38, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebc4 | out: ppvObject=0x19ebc4*=0x0) returned 0x80004002 [0174.549] IUnknown:QueryInterface (in: This=0x65b3d8, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e99c | out: ppvObject=0x19e99c*=0x0) returned 0x80004002 [0174.550] WbemLocator:IUnknown:AddRef (This=0x682b38) returned 0x3 [0174.550] WbemLocator:IUnknown:QueryInterface (in: This=0x682b38, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e6fc | out: ppvObject=0x19e6fc*=0x0) returned 0x80004002 [0174.550] WbemLocator:IUnknown:QueryInterface (in: This=0x682b38, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6ac | out: ppvObject=0x19e6ac*=0x0) returned 0x80004002 [0174.550] WbemLocator:IUnknown:QueryInterface (in: This=0x682b38, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6b8 | out: ppvObject=0x19e6b8*=0x682a94) returned 0x0 [0174.550] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682a94, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6c0 | out: pCid=0x19e6c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.550] WbemLocator:IUnknown:Release (This=0x682a94) returned 0x3 [0174.550] CoGetContextToken (in: pToken=0x19e718 | out: pToken=0x19e718) returned 0x0 [0174.551] CoGetContextToken (in: pToken=0x19eb20 | out: pToken=0x19eb20) returned 0x0 [0174.551] WbemLocator:IUnknown:QueryInterface (in: This=0x682b38, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x682b1c) returned 0x0 [0174.551] WbemLocator:IRpcOptions:Query (in: This=0x682b1c, pPrx=0x682b38, dwProperty=2, pdwValue=0x19ebb8 | out: pdwValue=0x19ebb8) returned 0x80004002 [0174.551] WbemLocator:IUnknown:Release (This=0x682b1c) returned 0x3 [0174.551] WbemLocator:IUnknown:Release (This=0x682b38) returned 0x2 [0174.551] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0174.551] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0174.551] WbemLocator:IUnknown:QueryInterface (in: This=0x682b38, riid=0x19f128*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x65b3d8) returned 0x0 [0174.551] IUnknown:AddRef (This=0x65b3d8) returned 0x4 [0174.551] IUnknown:Release (This=0x65b3d8) returned 0x3 [0174.551] IUnknown:Release (This=0x65b3d8) returned 0x2 [0174.551] IUnknown:Release (This=0x65b310) returned 0x2 [0174.551] SysStringLen (param_1=0x0) returned 0x0 [0174.551] IEnumWbemClassObject:Reset (This=0x65b3d8) returned 0x0 [0174.552] CoTaskMemAlloc (cb=0x4) returned 0x673b40 [0174.553] IEnumWbemClassObject:Next (in: This=0x65b3d8, lTimeout=-1, uCount=0x1, apObjects=0x673b40, puReturned=0x63f43f0 | out: apObjects=0x673b40*=0x8f516c0, puReturned=0x63f43f0*=0x1) returned 0x0 [0174.560] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9a8 | out: ppvObject=0x19e9a8*=0x8f516c0) returned 0x0 [0174.560] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e964 | out: ppvObject=0x19e964*=0x0) returned 0x80004002 [0174.560] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e784 | out: ppvObject=0x19e784*=0x0) returned 0x80004002 [0174.560] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e55c | out: ppvObject=0x19e55c*=0x0) returned 0x80004002 [0174.560] IUnknown:AddRef (This=0x8f516c0) returned 0x3 [0174.560] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2bc | out: ppvObject=0x19e2bc*=0x0) returned 0x80004002 [0174.560] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e26c | out: ppvObject=0x19e26c*=0x0) returned 0x80004002 [0174.560] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e278 | out: ppvObject=0x19e278*=0x8f516c4) returned 0x0 [0174.561] IMarshal:GetUnmarshalClass (in: This=0x8f516c4, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e280 | out: pCid=0x19e280*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0174.561] IUnknown:Release (This=0x8f516c4) returned 0x3 [0174.561] CoGetContextToken (in: pToken=0x19e2d8 | out: pToken=0x19e2d8) returned 0x0 [0174.561] CoGetContextToken (in: pToken=0x19e6e0 | out: pToken=0x19e6e0) returned 0x0 [0174.561] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e76c | out: ppvObject=0x19e76c*=0x0) returned 0x80004002 [0174.561] IUnknown:Release (This=0x8f516c0) returned 0x2 [0174.561] CoGetContextToken (in: pToken=0x19ecb8 | out: pToken=0x19ecb8) returned 0x0 [0174.561] CoGetContextToken (in: pToken=0x19ec18 | out: pToken=0x19ec18) returned 0x0 [0174.561] IUnknown:QueryInterface (in: This=0x8f516c0, riid=0x19ece8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ece4 | out: ppvObject=0x19ece4*=0x8f516c0) returned 0x0 [0174.561] IUnknown:AddRef (This=0x8f516c0) returned 0x4 [0174.561] IUnknown:Release (This=0x8f516c0) returned 0x3 [0174.561] IUnknown:Release (This=0x8f516c0) returned 0x2 [0174.561] CoTaskMemFree (pv=0x673b40) [0174.562] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0174.562] IUnknown:AddRef (This=0x8f516c0) returned 0x3 [0174.562] CoTaskMemAlloc (cb=0x4) returned 0x673b40 [0174.562] IEnumWbemClassObject:Next (in: This=0x65b3d8, lTimeout=-1, uCount=0x1, apObjects=0x673b40, puReturned=0x63f43f0 | out: apObjects=0x673b40*=0x0, puReturned=0x63f43f0*=0x0) returned 0x1 [0174.563] CoTaskMemFree (pv=0x673b40) [0174.563] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0174.563] IUnknown:AddRef (This=0x65b310) returned 0x3 [0174.563] IEnumWbemClassObject:Clone (in: This=0x65b310, ppEnum=0x19f360 | out: ppEnum=0x19f360*=0x65b0b8) returned 0x0 [0174.564] IUnknown:QueryInterface (in: This=0x65b0b8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f21c | out: ppvObject=0x19f21c*=0x65b0bc) returned 0x0 [0174.564] IClientSecurity:QueryBlanket (in: This=0x65b0bc, pProxy=0x65b0b8, pAuthnSvc=0x19f26c, pAuthzSvc=0x19f268, pServerPrincName=0x19f260, pAuthnLevel=0x19f264, pImpLevel=0x19f254, pAuthInfo=0x19f258, pCapabilites=0x19f25c | out: pAuthnSvc=0x19f26c*=0xa, pAuthzSvc=0x19f268*=0x0, pServerPrincName=0x19f260, pAuthnLevel=0x19f264*=0x6, pImpLevel=0x19f254*=0x2, pAuthInfo=0x19f258, pCapabilites=0x19f25c*=0x1) returned 0x0 [0174.564] IUnknown:Release (This=0x65b0bc) returned 0x1 [0174.564] IUnknown:QueryInterface (in: This=0x65b0b8, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x682638) returned 0x0 [0174.565] IUnknown:QueryInterface (in: This=0x65b0b8, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x65b0bc) returned 0x0 [0174.565] IClientSecurity:SetBlanket (This=0x65b0bc, pProxy=0x65b0b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.566] IUnknown:Release (This=0x65b0bc) returned 0x2 [0174.566] WbemLocator:IUnknown:Release (This=0x682638) returned 0x1 [0174.566] CoTaskMemFree (pv=0x6612e8) [0174.567] IUnknown:QueryInterface (in: This=0x65b0b8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edf8 | out: ppvObject=0x19edf8*=0x682638) returned 0x0 [0174.567] WbemLocator:IUnknown:QueryInterface (in: This=0x682638, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edb4 | out: ppvObject=0x19edb4*=0x0) returned 0x80004002 [0174.567] WbemLocator:IUnknown:QueryInterface (in: This=0x682638, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x0) returned 0x80004002 [0174.568] IUnknown:QueryInterface (in: This=0x65b0b8, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9ac | out: ppvObject=0x19e9ac*=0x0) returned 0x80004002 [0174.568] WbemLocator:IUnknown:AddRef (This=0x682638) returned 0x3 [0174.568] WbemLocator:IUnknown:QueryInterface (in: This=0x682638, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e70c | out: ppvObject=0x19e70c*=0x0) returned 0x80004002 [0174.569] WbemLocator:IUnknown:QueryInterface (in: This=0x682638, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6bc | out: ppvObject=0x19e6bc*=0x0) returned 0x80004002 [0174.569] WbemLocator:IUnknown:QueryInterface (in: This=0x682638, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6c8 | out: ppvObject=0x19e6c8*=0x682594) returned 0x0 [0174.569] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682594, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6d0 | out: pCid=0x19e6d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.569] WbemLocator:IUnknown:Release (This=0x682594) returned 0x3 [0174.569] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0174.569] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0174.569] WbemLocator:IUnknown:QueryInterface (in: This=0x682638, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebbc | out: ppvObject=0x19ebbc*=0x68261c) returned 0x0 [0174.569] WbemLocator:IRpcOptions:Query (in: This=0x68261c, pPrx=0x682638, dwProperty=2, pdwValue=0x19ebc8 | out: pdwValue=0x19ebc8) returned 0x80004002 [0174.569] WbemLocator:IUnknown:Release (This=0x68261c) returned 0x3 [0174.569] WbemLocator:IUnknown:Release (This=0x682638) returned 0x2 [0174.569] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0 [0174.569] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0174.569] WbemLocator:IUnknown:QueryInterface (in: This=0x682638, riid=0x19f138*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f134 | out: ppvObject=0x19f134*=0x65b0b8) returned 0x0 [0174.569] IUnknown:AddRef (This=0x65b0b8) returned 0x4 [0174.569] IUnknown:Release (This=0x65b0b8) returned 0x3 [0174.569] IUnknown:Release (This=0x65b0b8) returned 0x2 [0174.570] IUnknown:Release (This=0x65b310) returned 0x2 [0174.570] SysStringLen (param_1=0x0) returned 0x0 [0174.570] IEnumWbemClassObject:Reset (This=0x65b0b8) returned 0x0 [0174.570] CoTaskMemAlloc (cb=0x4) returned 0x61bac8 [0174.570] IEnumWbemClassObject:Next (in: This=0x65b0b8, lTimeout=-1, uCount=0x1, apObjects=0x61bac8, puReturned=0x63f44d4 | out: apObjects=0x61bac8*=0x8f51d20, puReturned=0x63f44d4*=0x1) returned 0x0 [0174.576] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9b8 | out: ppvObject=0x19e9b8*=0x8f51d20) returned 0x0 [0174.576] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e974 | out: ppvObject=0x19e974*=0x0) returned 0x80004002 [0174.576] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0174.576] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e56c | out: ppvObject=0x19e56c*=0x0) returned 0x80004002 [0174.577] IUnknown:AddRef (This=0x8f51d20) returned 0x3 [0174.577] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2cc | out: ppvObject=0x19e2cc*=0x0) returned 0x80004002 [0174.577] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e27c | out: ppvObject=0x19e27c*=0x0) returned 0x80004002 [0174.577] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e288 | out: ppvObject=0x19e288*=0x8f51d24) returned 0x0 [0174.577] IMarshal:GetUnmarshalClass (in: This=0x8f51d24, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e290 | out: pCid=0x19e290*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0174.577] IUnknown:Release (This=0x8f51d24) returned 0x3 [0174.577] CoGetContextToken (in: pToken=0x19e2e8 | out: pToken=0x19e2e8) returned 0x0 [0174.577] CoGetContextToken (in: pToken=0x19e6f0 | out: pToken=0x19e6f0) returned 0x0 [0174.577] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e77c | out: ppvObject=0x19e77c*=0x0) returned 0x80004002 [0174.577] IUnknown:Release (This=0x8f51d20) returned 0x2 [0174.577] CoGetContextToken (in: pToken=0x19ecc8 | out: pToken=0x19ecc8) returned 0x0 [0174.577] CoGetContextToken (in: pToken=0x19ec28 | out: pToken=0x19ec28) returned 0x0 [0174.577] IUnknown:QueryInterface (in: This=0x8f51d20, riid=0x19ecf8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x8f51d20) returned 0x0 [0174.579] IUnknown:AddRef (This=0x8f51d20) returned 0x4 [0174.579] IUnknown:Release (This=0x8f51d20) returned 0x3 [0174.579] IUnknown:Release (This=0x8f51d20) returned 0x2 [0174.579] CoTaskMemFree (pv=0x61bac8) [0174.579] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0 [0174.579] IUnknown:AddRef (This=0x8f51d20) returned 0x3 [0174.579] IWbemClassObject:Get (in: This=0x8f51d20, wszName="__GENUS", lFlags=0, pVal=0x19f350*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d0*=0, plFlavor=0x19f3cc*=0 | out: pVal=0x19f350*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f3d0*=3, plFlavor=0x19f3cc*=64) returned 0x0 [0174.579] IWbemClassObject:Get (in: This=0x8f51d20, wszName="__PATH", lFlags=0, pVal=0x19f334*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3b8*=0, plFlavor=0x19f3b4*=0 | out: pVal=0x19f334*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"", varVal2=0x0), pType=0x19f3b8*=8, plFlavor=0x19f3b4*=64) returned 0x0 [0174.579] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0174.579] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0174.580] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f8 [0174.580] SetEvent (hEvent=0x3b4) returned 1 [0174.580] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x4f8, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0174.583] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0174.583] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0174.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x67d270) returned 0x0 [0174.583] WbemDefPath:IUnknown:AddRef (This=0x67d270) returned 0x3 [0174.584] WbemDefPath:IUnknown:Release (This=0x67d270) returned 0x2 [0174.584] WbemDefPath:IWbemPath:SetText (This=0x67d270, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x0 [0174.584] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f38c | out: puCount=0x19f38c*=0x2) returned 0x0 [0174.584] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f388*=0x0, pszText=0x0 | out: puBuffLength=0x19f388*=0xf, pszText=0x0) returned 0x0 [0174.584] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f388*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f388*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.584] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f380 | out: puCount=0x19f380*=0x2) returned 0x0 [0174.584] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f37c*=0x0, pszText=0x0 | out: puBuffLength=0x19f37c*=0xf, pszText=0x0) returned 0x0 [0174.584] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f37c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f37c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.584] IWbemClassObject:Get (in: This=0x8f51d20, wszName="Name", lFlags=0, pVal=0x19f37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x63f4d30*=0, plFlavor=0x63f4d34*=0 | out: pVal=0x19f37c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x63f4d30*=8, plFlavor=0x63f4d34*=0) returned 0x0 [0174.584] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0174.584] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0174.584] IWbemClassObject:Get (in: This=0x8f51d20, wszName="Name", lFlags=0, pVal=0x19f384*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x63f4d30*=8, plFlavor=0x63f4d34*=0 | out: pVal=0x19f384*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x63f4d30*=8, plFlavor=0x63f4d34*=0) returned 0x0 [0174.584] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0174.585] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0174.618] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f398 | out: puCount=0x19f398*=0x2) returned 0x0 [0174.618] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0xf, pszText=0x0) returned 0x0 [0174.618] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f394*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f394*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.627] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f240*=0x50c, lpdwindex=0x19f0f4 | out: lpdwindex=0x19f0f4) returned 0x0 [0174.662] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0174.662] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0174.662] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef7da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef84 | out: ppvObject=0x19ef84*=0x5dfaf8) returned 0x0 [0174.663] CObjectContext::ContextCallback () returned 0x0 [0174.665] IUnknown:Release (This=0x5dfaf8) returned 0x1 [0174.665] CoUnmarshalInterface (in: pStm=0x685ab8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff4 | out: ppv=0x19eff4*=0x683138) returned 0x0 [0174.666] CoMarshalInterface (pStm=0x685ab8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x683138, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0174.666] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x683138) returned 0x0 [0174.666] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee50 | out: ppvObject=0x19ee50*=0x0) returned 0x80004002 [0174.667] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x0) returned 0x80004002 [0174.667] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea44 | out: ppvObject=0x19ea44*=0x0) returned 0x80004002 [0174.668] WbemLocator:IUnknown:AddRef (This=0x683138) returned 0x3 [0174.668] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0174.668] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0174.668] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x683094) returned 0x0 [0174.668] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x683094, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.668] WbemLocator:IUnknown:Release (This=0x683094) returned 0x3 [0174.668] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0174.668] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0174.668] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x68311c) returned 0x0 [0174.668] WbemLocator:IRpcOptions:Query (in: This=0x68311c, pPrx=0x683138, dwProperty=2, pdwValue=0x19ec60 | out: pdwValue=0x19ec60) returned 0x0 [0174.668] WbemLocator:IUnknown:Release (This=0x68311c) returned 0x3 [0174.668] WbemLocator:IUnknown:Release (This=0x683138) returned 0x2 [0174.669] WbemLocator:IUnknown:Release (This=0x683138) returned 0x1 [0174.669] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0174.669] WbemLocator:IUnknown:AddRef (This=0x683138) returned 0x2 [0174.669] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x683114) returned 0x0 [0174.669] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x683114, pProxy=0x683138, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0174.669] WbemLocator:IUnknown:Release (This=0x683114) returned 0x2 [0174.669] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x683138) returned 0x0 [0174.669] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x683114) returned 0x0 [0174.669] WbemLocator:IClientSecurity:SetBlanket (This=0x683114, pProxy=0x683138, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.670] WbemLocator:IUnknown:Release (This=0x683114) returned 0x3 [0174.670] WbemLocator:IUnknown:Release (This=0x683138) returned 0x2 [0174.670] CoTaskMemFree (pv=0x661318) [0174.670] WbemLocator:IUnknown:Release (This=0x683138) returned 0x1 [0174.670] SysStringLen (param_1=0x0) returned 0x0 [0174.670] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0174.670] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0174.670] WbemLocator:IUnknown:QueryInterface (in: This=0x683138, riid=0x19f1e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x67e4a0) returned 0x0 [0174.672] WbemLocator:IUnknown:AddRef (This=0x67e4a0) returned 0x3 [0174.672] WbemLocator:IUnknown:Release (This=0x67e4a0) returned 0x2 [0174.672] CoGetContextToken (in: pToken=0x19f178 | out: pToken=0x19f178) returned 0x0 [0174.672] WbemLocator:IUnknown:AddRef (This=0x67e4a0) returned 0x3 [0174.672] WbemLocator:IUnknown:QueryInterface (in: This=0x67e4a0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x683114) returned 0x0 [0174.672] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x683114, pProxy=0x67e4a0, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0174.673] WbemLocator:IUnknown:Release (This=0x683114) returned 0x3 [0174.673] WbemLocator:IUnknown:QueryInterface (in: This=0x67e4a0, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x683138) returned 0x0 [0174.673] WbemLocator:IUnknown:QueryInterface (in: This=0x67e4a0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x683114) returned 0x0 [0174.673] WbemLocator:IClientSecurity:SetBlanket (This=0x683114, pProxy=0x67e4a0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.673] WbemLocator:IUnknown:Release (This=0x683114) returned 0x4 [0174.673] WbemLocator:IUnknown:Release (This=0x683138) returned 0x3 [0174.673] CoTaskMemFree (pv=0x6614f8) [0174.673] WbemLocator:IUnknown:Release (This=0x67e4a0) returned 0x2 [0174.673] SysStringLen (param_1=0x0) returned 0x0 [0174.674] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0174.674] WbemLocator:IUnknown:AddRef (This=0x67e4a0) returned 0x3 [0174.674] IWbemServices:ExecQuery (in: This=0x67e4a0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x19f308 | out: ppEnum=0x19f308*=0x65af28) returned 0x0 [0174.755] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f164 | out: ppvObject=0x19f164*=0x65af2c) returned 0x0 [0174.755] IClientSecurity:QueryBlanket (in: This=0x65af2c, pProxy=0x65af28, pAuthnSvc=0x19f1b4, pAuthzSvc=0x19f1b0, pServerPrincName=0x19f1a8, pAuthnLevel=0x19f1ac, pImpLevel=0x19f19c, pAuthInfo=0x19f1a0, pCapabilites=0x19f1a4 | out: pAuthnSvc=0x19f1b4*=0xa, pAuthzSvc=0x19f1b0*=0x0, pServerPrincName=0x19f1a8, pAuthnLevel=0x19f1ac*=0x6, pImpLevel=0x19f19c*=0x2, pAuthInfo=0x19f1a0, pCapabilites=0x19f1a4*=0x1) returned 0x0 [0174.755] IUnknown:Release (This=0x65af2c) returned 0x1 [0174.755] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f158 | out: ppvObject=0x19f158*=0x683438) returned 0x0 [0174.756] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f144 | out: ppvObject=0x19f144*=0x65af2c) returned 0x0 [0174.756] IClientSecurity:SetBlanket (This=0x65af2c, pProxy=0x65af28, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.758] IUnknown:Release (This=0x65af2c) returned 0x2 [0174.758] WbemLocator:IUnknown:Release (This=0x683438) returned 0x1 [0174.758] CoTaskMemFree (pv=0x6614f8) [0174.759] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed50 | out: ppvObject=0x19ed50*=0x683438) returned 0x0 [0174.759] WbemLocator:IUnknown:QueryInterface (in: This=0x683438, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x0) returned 0x80004002 [0174.760] WbemLocator:IUnknown:QueryInterface (in: This=0x683438, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb2c | out: ppvObject=0x19eb2c*=0x0) returned 0x80004002 [0174.766] IUnknown:QueryInterface (in: This=0x65af28, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e904 | out: ppvObject=0x19e904*=0x0) returned 0x80004002 [0174.876] WbemLocator:IUnknown:AddRef (This=0x683438) returned 0x3 [0174.876] WbemLocator:IUnknown:QueryInterface (in: This=0x683438, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x0) returned 0x80004002 [0174.876] WbemLocator:IUnknown:QueryInterface (in: This=0x683438, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e614 | out: ppvObject=0x19e614*=0x0) returned 0x80004002 [0174.876] WbemLocator:IUnknown:QueryInterface (in: This=0x683438, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e620 | out: ppvObject=0x19e620*=0x683394) returned 0x0 [0174.876] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x683394, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e628 | out: pCid=0x19e628*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.876] WbemLocator:IUnknown:Release (This=0x683394) returned 0x3 [0174.877] CoGetContextToken (in: pToken=0x19e680 | out: pToken=0x19e680) returned 0x0 [0174.877] CoGetContextToken (in: pToken=0x19ea88 | out: pToken=0x19ea88) returned 0x0 [0174.877] WbemLocator:IUnknown:QueryInterface (in: This=0x683438, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb14 | out: ppvObject=0x19eb14*=0x68341c) returned 0x0 [0174.877] WbemLocator:IRpcOptions:Query (in: This=0x68341c, pPrx=0x683438, dwProperty=2, pdwValue=0x19eb20 | out: pdwValue=0x19eb20) returned 0x80004002 [0174.877] WbemLocator:IUnknown:Release (This=0x68341c) returned 0x3 [0174.877] WbemLocator:IUnknown:Release (This=0x683438) returned 0x2 [0174.877] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0174.877] CoGetContextToken (in: pToken=0x19efc0 | out: pToken=0x19efc0) returned 0x0 [0174.877] WbemLocator:IUnknown:QueryInterface (in: This=0x683438, riid=0x19f090*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f08c | out: ppvObject=0x19f08c*=0x65af28) returned 0x0 [0174.877] IUnknown:AddRef (This=0x65af28) returned 0x4 [0174.877] IUnknown:Release (This=0x65af28) returned 0x3 [0174.877] IUnknown:Release (This=0x65af28) returned 0x2 [0174.877] WbemLocator:IUnknown:Release (This=0x67e4a0) returned 0x2 [0174.877] SysStringLen (param_1=0x0) returned 0x0 [0174.877] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f354 | out: puCount=0x19f354*=0x2) returned 0x0 [0174.877] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f350*=0x0, pszText=0x0 | out: puBuffLength=0x19f350*=0xf, pszText=0x0) returned 0x0 [0174.878] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f350*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f350*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.878] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0174.878] IUnknown:AddRef (This=0x65af28) returned 0x3 [0174.878] IEnumWbemClassObject:Clone (in: This=0x65af28, ppEnum=0x19f360 | out: ppEnum=0x19f360*=0x65b4a0) returned 0x0 [0174.892] IUnknown:QueryInterface (in: This=0x65b4a0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f21c | out: ppvObject=0x19f21c*=0x65b4a4) returned 0x0 [0174.892] IClientSecurity:QueryBlanket (in: This=0x65b4a4, pProxy=0x65b4a0, pAuthnSvc=0x19f26c, pAuthzSvc=0x19f268, pServerPrincName=0x19f260, pAuthnLevel=0x19f264, pImpLevel=0x19f254, pAuthInfo=0x19f258, pCapabilites=0x19f25c | out: pAuthnSvc=0x19f26c*=0xa, pAuthzSvc=0x19f268*=0x0, pServerPrincName=0x19f260, pAuthnLevel=0x19f264*=0x6, pImpLevel=0x19f254*=0x2, pAuthInfo=0x19f258, pCapabilites=0x19f25c*=0x1) returned 0x0 [0174.892] IUnknown:Release (This=0x65b4a4) returned 0x1 [0174.892] IUnknown:QueryInterface (in: This=0x65b4a0, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x682538) returned 0x0 [0174.892] IUnknown:QueryInterface (in: This=0x65b4a0, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x65b4a4) returned 0x0 [0174.893] IClientSecurity:SetBlanket (This=0x65b4a4, pProxy=0x65b4a0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.945] IUnknown:Release (This=0x65b4a4) returned 0x2 [0174.946] WbemLocator:IUnknown:Release (This=0x682538) returned 0x1 [0174.946] CoTaskMemFree (pv=0x6616d8) [0174.946] IUnknown:QueryInterface (in: This=0x65b4a0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edf8 | out: ppvObject=0x19edf8*=0x682538) returned 0x0 [0174.946] WbemLocator:IUnknown:QueryInterface (in: This=0x682538, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edb4 | out: ppvObject=0x19edb4*=0x0) returned 0x80004002 [0174.947] WbemLocator:IUnknown:QueryInterface (in: This=0x682538, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x0) returned 0x80004002 [0174.948] IUnknown:QueryInterface (in: This=0x65b4a0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9ac | out: ppvObject=0x19e9ac*=0x0) returned 0x80004002 [0174.949] WbemLocator:IUnknown:AddRef (This=0x682538) returned 0x3 [0174.949] WbemLocator:IUnknown:QueryInterface (in: This=0x682538, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e70c | out: ppvObject=0x19e70c*=0x0) returned 0x80004002 [0174.949] WbemLocator:IUnknown:QueryInterface (in: This=0x682538, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6bc | out: ppvObject=0x19e6bc*=0x0) returned 0x80004002 [0174.949] WbemLocator:IUnknown:QueryInterface (in: This=0x682538, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6c8 | out: ppvObject=0x19e6c8*=0x682494) returned 0x0 [0174.950] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682494, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6d0 | out: pCid=0x19e6d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.950] WbemLocator:IUnknown:Release (This=0x682494) returned 0x3 [0174.950] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0174.950] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0174.950] WbemLocator:IUnknown:QueryInterface (in: This=0x682538, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebbc | out: ppvObject=0x19ebbc*=0x68251c) returned 0x0 [0174.950] WbemLocator:IRpcOptions:Query (in: This=0x68251c, pPrx=0x682538, dwProperty=2, pdwValue=0x19ebc8 | out: pdwValue=0x19ebc8) returned 0x80004002 [0174.951] WbemLocator:IUnknown:Release (This=0x68251c) returned 0x3 [0174.951] WbemLocator:IUnknown:Release (This=0x682538) returned 0x2 [0174.951] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0 [0174.951] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0174.951] WbemLocator:IUnknown:QueryInterface (in: This=0x682538, riid=0x19f138*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f134 | out: ppvObject=0x19f134*=0x65b4a0) returned 0x0 [0174.951] IUnknown:AddRef (This=0x65b4a0) returned 0x4 [0174.951] IUnknown:Release (This=0x65b4a0) returned 0x3 [0174.951] IUnknown:Release (This=0x65b4a0) returned 0x2 [0174.951] IUnknown:Release (This=0x65af28) returned 0x2 [0174.952] SysStringLen (param_1=0x0) returned 0x0 [0174.952] IEnumWbemClassObject:Reset (This=0x65b4a0) returned 0x0 [0174.953] CoTaskMemAlloc (cb=0x4) returned 0x8f70080 [0174.954] IEnumWbemClassObject:Next (in: This=0x65b4a0, lTimeout=-1, uCount=0x1, apObjects=0x8f70080, puReturned=0x63f5a48 | out: apObjects=0x8f70080*=0x8f51b88, puReturned=0x63f5a48*=0x1) returned 0x0 [0176.015] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9b8 | out: ppvObject=0x19e9b8*=0x8f51b88) returned 0x0 [0176.015] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e974 | out: ppvObject=0x19e974*=0x0) returned 0x80004002 [0176.015] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0176.015] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e56c | out: ppvObject=0x19e56c*=0x0) returned 0x80004002 [0176.015] IUnknown:AddRef (This=0x8f51b88) returned 0x3 [0176.015] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2cc | out: ppvObject=0x19e2cc*=0x0) returned 0x80004002 [0176.015] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e27c | out: ppvObject=0x19e27c*=0x0) returned 0x80004002 [0176.015] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e288 | out: ppvObject=0x19e288*=0x8f51b8c) returned 0x0 [0176.016] IMarshal:GetUnmarshalClass (in: This=0x8f51b8c, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e290 | out: pCid=0x19e290*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0176.016] IUnknown:Release (This=0x8f51b8c) returned 0x3 [0176.016] CoGetContextToken (in: pToken=0x19e2e8 | out: pToken=0x19e2e8) returned 0x0 [0176.016] CoGetContextToken (in: pToken=0x19e6f0 | out: pToken=0x19e6f0) returned 0x0 [0176.016] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e77c | out: ppvObject=0x19e77c*=0x0) returned 0x80004002 [0176.016] IUnknown:Release (This=0x8f51b88) returned 0x2 [0176.016] CoGetContextToken (in: pToken=0x19ecc8 | out: pToken=0x19ecc8) returned 0x0 [0176.016] CoGetContextToken (in: pToken=0x19ec28 | out: pToken=0x19ec28) returned 0x0 [0176.016] IUnknown:QueryInterface (in: This=0x8f51b88, riid=0x19ecf8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x8f51b88) returned 0x0 [0176.016] IUnknown:AddRef (This=0x8f51b88) returned 0x4 [0176.016] IUnknown:Release (This=0x8f51b88) returned 0x3 [0176.016] IUnknown:Release (This=0x8f51b88) returned 0x2 [0176.016] CoTaskMemFree (pv=0x8f70080) [0176.016] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0 [0176.016] IUnknown:AddRef (This=0x8f51b88) returned 0x3 [0176.017] IWbemClassObject:Get (in: This=0x8f51b88, wszName="__GENUS", lFlags=0, pVal=0x19f350*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d0*=0, plFlavor=0x19f3cc*=0 | out: pVal=0x19f350*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f3d0*=3, plFlavor=0x19f3cc*=64) returned 0x0 [0176.017] IWbemClassObject:Get (in: This=0x8f51b88, wszName="__PATH", lFlags=0, pVal=0x19f334*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3b8*=0, plFlavor=0x19f3b4*=0 | out: pVal=0x19f334*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f3b8*=8, plFlavor=0x19f3b4*=64) returned 0x0 [0176.017] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0176.017] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0176.017] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x510 [0176.017] SetEvent (hEvent=0x3b4) returned 1 [0176.018] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x510, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0176.027] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0176.028] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0176.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x67d2e0) returned 0x0 [0176.028] WbemDefPath:IUnknown:AddRef (This=0x67d2e0) returned 0x3 [0176.028] WbemDefPath:IUnknown:Release (This=0x67d2e0) returned 0x2 [0176.028] WbemDefPath:IWbemPath:SetText (This=0x67d2e0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0176.028] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f38c | out: puCount=0x19f38c*=0x2) returned 0x0 [0176.028] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f388*=0x0, pszText=0x0 | out: puBuffLength=0x19f388*=0xf, pszText=0x0) returned 0x0 [0176.028] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f388*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f388*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0176.030] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f35c | out: puCount=0x19f35c*=0x2) returned 0x0 [0176.030] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f358*=0x0, pszText=0x0 | out: puBuffLength=0x19f358*=0xf, pszText=0x0) returned 0x0 [0176.030] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f358*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f358*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0176.030] IWbemClassObject:Get (in: This=0x8f51b88, wszName="Name", lFlags=0, pVal=0x19f358*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x63f62b0*=0, plFlavor=0x63f62b4*=0 | out: pVal=0x19f358*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x63f62b0*=8, plFlavor=0x63f62b4*=0) returned 0x0 [0176.030] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0176.031] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0176.031] IWbemClassObject:Get (in: This=0x8f51b88, wszName="Name", lFlags=0, pVal=0x19f360*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x63f62b0*=8, plFlavor=0x63f62b4*=0 | out: pVal=0x19f360*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x63f62b0*=8, plFlavor=0x63f62b4*=0) returned 0x0 [0176.031] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0176.031] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0176.031] CoTaskMemAlloc (cb=0x4) returned 0x8f6fff0 [0176.031] IEnumWbemClassObject:Next (in: This=0x65b4a0, lTimeout=-1, uCount=0x1, apObjects=0x8f6fff0, puReturned=0x63f5a48 | out: apObjects=0x8f6fff0*=0x0, puReturned=0x63f5a48*=0x0) returned 0x1 [0176.033] CoTaskMemFree (pv=0x8f6fff0) [0176.033] CoGetContextToken (in: pToken=0x19f280 | out: pToken=0x19f280) returned 0x0 [0176.033] WbemLocator:IUnknown:Release (This=0x682538) returned 0x1 [0176.033] IUnknown:Release (This=0x65b4a0) returned 0x0 [0176.037] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x19f398 | out: puCount=0x19f398*=0x2) returned 0x0 [0176.037] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0xf, pszText=0x0) returned 0x0 [0176.038] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=4, puBuffLength=0x19f394*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f394*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0176.065] GlobalMemoryStatusEx (in: lpBuffer=0x63f64ec | out: lpBuffer=0x63f64ec) returned 1 [0176.456] GetCurrentProcess () returned 0xffffffff [0176.456] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eff8 | out: TokenHandle=0x19eff8*=0x514) returned 1 [0176.461] GetCurrentProcess () returned 0xffffffff [0176.461] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f008 | out: TokenHandle=0x19f008*=0x518) returned 1 [0176.663] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19f2dc | out: pFixedInfo=0x0, pOutBufLen=0x19f2dc) returned 0x6f [0177.569] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x8f7a758 [0177.570] GetNetworkParams (in: pFixedInfo=0x8f7a758, pOutBufLen=0x19f2dc | out: pFixedInfo=0x8f7a758, pOutBufLen=0x19f2dc) returned 0x0 [0177.583] LocalFree (hMem=0x8f7a758) returned 0x0 [0177.587] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x0, cchASCIIChar=0 | out: lpASCIICharStr=0x0) returned 6 [0177.587] IdnToAscii (in: dwFlags=0x0, lpUnicodeCharStr="xc64ZB", cchUnicodeChar=6, lpASCIICharStr=0x63f86f0, cchASCIIChar=6 | out: lpASCIICharStr="xc64ZB") returned 6 [0177.599] SystemFunction041 (in: Memory=0x8f6ace4, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x8f6ace4) returned 0x0 [0177.601] SysStringLen (param_1="tycautomotriz2020") returned 0x18 [0177.601] SystemFunction040 (in: Memory=0x8f7883c, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x8f7883c) returned 0x0 [0177.649] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f2b8 | out: UnbiasedTime=0x19f2b8) returned 1 [0177.649] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f2a8 | out: UnbiasedTime=0x19f2a8) returned 1 [0177.657] GetCurrentProcess () returned 0xffffffff [0177.657] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef44 | out: TokenHandle=0x19ef44*=0x568) returned 1 [0177.658] GetCurrentProcess () returned 0xffffffff [0177.658] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef54 | out: TokenHandle=0x19ef54*=0x530) returned 1 [0177.663] SetEvent (hEvent=0x230) returned 1 [0177.693] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19f020 | out: lpWSAData=0x19f020) returned 0 [0177.704] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x598 [0178.081] setsockopt (s=0x598, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0178.082] closesocket (s=0x598) returned 0 [0178.082] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x598 [0178.083] setsockopt (s=0x598, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0178.083] closesocket (s=0x598) returned 0 [0178.087] GetCurrentProcess () returned 0xffffffff [0178.087] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee68 | out: TokenHandle=0x19ee68*=0x598) returned 1 [0178.091] GetCurrentProcess () returned 0xffffffff [0178.091] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee78 | out: TokenHandle=0x19ee78*=0x59c) returned 1 [0178.106] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x5a0 [0178.106] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x5a4 [0178.112] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x5a8 [0178.113] SetEvent (hEvent=0x230) returned 1 [0178.113] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19f150*=0x5a0, lpdwindex=0x19f00c | out: lpdwindex=0x19f00c) returned 0x0 [0178.115] ReleaseMutex (hMutex=0x5a8) returned 1 [0178.115] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5ac [0178.116] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5b0 [0178.118] GetAddrInfoW (in: pNodeName="mail.tycautomotriz.cl", pServiceName=0x0, pHints=0x19f110*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f0b8 | out: ppResult=0x19f0b8*=0x8f549c8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="tycautomotriz.cl", ai_addr=0x8f81b60*(sa_family=2, sin_port=0x0, sin_addr="131.72.236.163"), ai_next=0x0)) returned 0 [0178.507] FreeAddrInfoW (pAddrInfo=0x8f549c8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="tycautomotriz.cl", ai_addr=0x8f81b60*(sa_family=2, sin_port=0x0, sin_addr="131.72.236.163"), ai_next=0x0)) [0178.508] GetAddrInfoW (in: pNodeName="mail.tycautomotriz.cl", pServiceName=0x0, pHints=0x19f110*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f0b8 | out: ppResult=0x19f0b8*=0x8f548d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.tycautomotriz.cl", ai_addr=0x8f81ad0*(sa_family=2, sin_port=0x0, sin_addr="131.72.236.163"), ai_next=0x0)) returned 0 [0178.511] FreeAddrInfoW (pAddrInfo=0x8f548d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="mail.tycautomotriz.cl", ai_addr=0x8f81ad0*(sa_family=2, sin_port=0x0, sin_addr="131.72.236.163"), ai_next=0x0)) [0178.515] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5bc [0178.515] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5c0 [0178.515] ioctlsocket (in: s=0x5bc, cmd=-2147195266, argp=0x19f0e8 | out: argp=0x19f0e8) returned 0 [0178.516] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5c4 [0178.516] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5c8 [0178.516] ioctlsocket (in: s=0x5c4, cmd=-2147195266, argp=0x19f0e8 | out: argp=0x19f0e8) returned 0 [0178.516] WSAIoctl (in: s=0x5bc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f0d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f0d0, lpOverlapped=0x0) returned -1 [0178.518] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ee00, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0178.520] WSAEventSelect (s=0x5bc, hEventObject=0x5c0, lNetworkEvents=512) returned 0 [0178.520] WSAIoctl (in: s=0x5c4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f0d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f0d0, lpOverlapped=0x0) returned -1 [0178.520] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ee00, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0178.520] WSAEventSelect (s=0x5c4, hEventObject=0x5c8, lNetworkEvents=512) returned 0 [0178.520] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19f0cc*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19f0cc*=0xa80) returned 0x6f [0178.529] LocalAlloc (uFlags=0x0, uBytes=0xa80) returned 0x8f929f0 [0178.529] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x8f929f0, SizePointer=0x19f0cc*=0xa80 | out: AdapterAddresses=0x8f929f0*(Alignment=0x600000178, Length=0x178, IfIndex=0x6, Next=0x8f92ca0, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x8f92c14, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x9, [2]=0x6f, [3]=0x78, [4]=0xf0, [5]=0xa, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0x8f92b68*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x19f0cc*=0xa80) returned 0x0 [0178.539] LocalFree (hMem=0x8f929f0) returned 0x0 [0178.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f0e8 | out: phkResult=0x19f0e8*=0x5cc) returned 0x0 [0178.540] RegQueryValueExW (in: hKey=0x5cc, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19f104, lpData=0x0, lpcbData=0x19f100*=0x0 | out: lpType=0x19f104*=0x0, lpData=0x0, lpcbData=0x19f100*=0x0) returned 0x2 [0178.540] RegCloseKey (hKey=0x5cc) returned 0x0 [0178.541] WSAConnect (in: s=0x5ac, name=0x640108c*(sa_family=2, sin_port=0x24b, sin_addr="131.72.236.163"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0178.776] closesocket (s=0x5b0) returned 0 [0178.777] setsockopt (s=0x5ac, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0178.783] recv (in: s=0x5ac, buf=0x6401180, len=256, flags=0 | out: buf=0x6401180*) returned 179 [0179.432] send (s=0x5ac, buf=0x63fa294*, len=13, flags=0) returned 13 [0179.435] recv (in: s=0x5ac, buf=0x6401180, len=256, flags=0 | out: buf=0x6401180*) returned 207 [0179.676] send (s=0x5ac, buf=0x63fa294*, len=49, flags=0) returned 49 [0179.676] recv (in: s=0x5ac, buf=0x6401180, len=256, flags=0 | out: buf=0x6401180*) returned 18 [0179.896] SysStringLen (param_1="멑䧛傗欒竗㠎䀕萿आ䶼᣸愘⻽܏皎ᄉ\ծ㠎朰꼱≀) returned 0x18 [0179.896] SystemFunction041 (in: Memory=0x8f7883c, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x8f7883c) returned 0x0 [0179.897] SysStringLen (param_1="tycautomotriz2020") returned 0x18 [0179.897] SystemFunction040 (in: Memory=0x8f7883c, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x8f7883c) returned 0x0 [0179.897] SysStringLen (param_1="tycautomotriz2020") returned 0x11 [0179.898] SysStringLen (param_1="tycautomotriz2020") returned 0x11 [0179.898] send (s=0x5ac, buf=0x63fa294*, len=26, flags=0) returned 26 [0179.898] recv (in: s=0x5ac, buf=0x6401180, len=256, flags=0 | out: buf=0x6401180*) returned 35 [0181.634] send (s=0x5ac, buf=0x63fa294*, len=39, flags=0) returned 39 [0181.635] recv (in: s=0x5ac, buf=0x6401180, len=256, flags=0 | out: buf=0x6401180*) returned 61 [0181.870] shutdown (s=0x5ac, how=2) returned 0 [0181.871] setsockopt (s=0x5ac, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0181.871] closesocket (s=0x5ac) returned 0 [0181.877] GetCurrentProcess () returned 0xffffffff [0181.878] GetCurrentThread () returned 0xfffffffe [0181.878] GetCurrentProcess () returned 0xffffffff [0181.880] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f4c8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f4c8*=0x5ac) returned 1 [0181.889] GetCurrentThreadId () returned 0x1060 [0181.900] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1dd [0181.900] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc14b [0181.906] GetSystemMetrics (nIndex=75) returned 1 [0181.916] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0182.711] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6e7d0000 [0182.769] GetModuleHandleW (lpModuleName="user32.dll") returned 0x743d0000 [0182.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f230, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWükì9`2(úænhö\x19", lpUsedDefaultChar=0x0) returned 14 [0182.770] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcW") returned 0x7725aee0 [0182.770] GetStockObject (i=5) returned 0x1900015 [0182.772] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0182.775] CoTaskMemAlloc (cb=0x5c) returned 0x8f6f870 [0182.775] RegisterClassW (lpWndClass=0x19f220) returned 0xc1db [0182.775] CoTaskMemFree (pv=0x8f6f870) [0182.776] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0182.776] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.232467a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x1402c2 [0182.779] SetWindowLongW (hWnd=0x1402c2, nIndex=-4, dwNewLong=1998958304) returned 143199334 [0182.780] GetWindowLongW (hWnd=0x1402c2, nIndex=-4) returned 1998958304 [0182.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea84 | out: phkResult=0x19ea84*=0x5cc) returned 0x0 [0182.781] RegQueryValueExW (in: hKey=0x5cc, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19eaa4, lpData=0x0, lpcbData=0x19eaa0*=0x0 | out: lpType=0x19eaa4*=0x0, lpData=0x0, lpcbData=0x19eaa0*=0x0) returned 0x2 [0182.781] RegQueryValueExW (in: hKey=0x5cc, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19eaa4, lpData=0x0, lpcbData=0x19eaa0*=0x0 | out: lpType=0x19eaa4*=0x0, lpData=0x0, lpcbData=0x19eaa0*=0x0) returned 0x2 [0182.782] RegCloseKey (hKey=0x5cc) returned 0x0 [0182.784] SetWindowLongW (hWnd=0x1402c2, nIndex=-4, dwNewLong=143199374) returned 1998958304 [0182.784] GetWindowLongW (hWnd=0x1402c2, nIndex=-4) returned 143199374 [0182.784] GetWindowLongW (hWnd=0x1402c2, nIndex=-16) returned 113311744 [0182.785] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1dc [0182.785] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x1402c2, Msg=0x24, wParam=0x0, lParam=0x19ed9c) returned 0x0 [0182.785] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1da [0182.786] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x1402c2, Msg=0x81, wParam=0x0, lParam=0x19ed90) returned 0x1 [0182.787] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x1402c2, Msg=0x83, wParam=0x0, lParam=0x19ed7c) returned 0x0 [0183.059] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x1402c2, Msg=0x1, wParam=0x0, lParam=0x19ed90) returned 0x0 [0183.060] GetClientRect (in: hWnd=0x1402c2, lpRect=0x19eabc | out: lpRect=0x19eabc) returned 1 [0183.060] GetWindowRect (in: hWnd=0x1402c2, lpRect=0x19eabc | out: lpRect=0x19eabc) returned 1 [0183.061] GetParent (hWnd=0x1402c2) returned 0x0 [0183.065] OleInitialize (pvReserved=0x0) returned 0x0 [0183.066] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f444 | out: lplpMessageFilter=0x19f444*=0x0) returned 0x0 [0183.067] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0183.068] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0183.068] WaitMessage () Thread: id = 9 os_tid = 0x10c0 Thread: id = 10 os_tid = 0x10b4 Thread: id = 11 os_tid = 0xa04 [0129.057] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0129.058] RoInitialize () returned 0x1 [0129.058] RoUninitialize () returned 0x0 Thread: id = 12 os_tid = 0x10b0 Thread: id = 13 os_tid = 0xf98 Thread: id = 14 os_tid = 0x10c4 Thread: id = 118 os_tid = 0x8cc [0148.530] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0148.530] RoInitialize () returned 0x1 [0148.530] RoUninitialize () returned 0x0 [0148.578] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x8dff5bc | out: lpiid=0x8dff5bc) returned 0x0 [0148.581] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x61bc18) returned 0x0 [0148.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x61bc18, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0148.581] WbemDefPath:IClassFactory:CreateInstance (in: This=0x61bc18, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x64b450) returned 0x0 [0148.581] WbemDefPath:IUnknown:Release (This=0x61bc18) returned 0x0 [0148.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x64b450) returned 0x0 [0148.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0148.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0148.582] WbemDefPath:IUnknown:AddRef (This=0x64b450) returned 0x3 [0148.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0148.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0148.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x665668) returned 0x0 [0148.582] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x665668, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.582] WbemDefPath:IUnknown:Release (This=0x665668) returned 0x3 [0148.582] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0148.583] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0148.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x64b450, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0148.583] WbemDefPath:IUnknown:Release (This=0x64b450) returned 0x2 [0148.584] WbemDefPath:IUnknown:Release (This=0x64b450) returned 0x1 [0148.584] SetEvent (hEvent=0x3a4) returned 1 [0148.654] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x61bb98) returned 0x0 [0148.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x61bb98, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0148.654] WbemDefPath:IClassFactory:CreateInstance (in: This=0x61bb98, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x64be70) returned 0x0 [0148.654] WbemDefPath:IUnknown:Release (This=0x61bb98) returned 0x0 [0148.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x64be70) returned 0x0 [0148.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0148.654] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0148.655] WbemDefPath:IUnknown:AddRef (This=0x64be70) returned 0x3 [0148.655] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0148.655] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0148.655] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x665848) returned 0x0 [0148.655] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x665848, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.655] WbemDefPath:IUnknown:Release (This=0x665848) returned 0x3 [0148.655] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0148.655] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0148.655] WbemDefPath:IUnknown:QueryInterface (in: This=0x64be70, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0148.655] WbemDefPath:IUnknown:Release (This=0x64be70) returned 0x2 [0148.655] WbemDefPath:IUnknown:Release (This=0x64be70) returned 0x1 [0148.656] SetEvent (hEvent=0x3d8) returned 1 [0148.658] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x61bc58) returned 0x0 [0148.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x61bc58, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0148.658] WbemDefPath:IClassFactory:CreateInstance (in: This=0x61bc58, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x665430) returned 0x0 [0148.658] WbemDefPath:IUnknown:Release (This=0x61bc58) returned 0x0 [0148.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x665430) returned 0x0 [0148.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0148.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0148.659] WbemDefPath:IUnknown:AddRef (This=0x665430) returned 0x3 [0148.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0148.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0148.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x665938) returned 0x0 [0148.659] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x665938, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.659] WbemDefPath:IUnknown:Release (This=0x665938) returned 0x3 [0148.659] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0148.659] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0148.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x665430, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0148.660] WbemDefPath:IUnknown:Release (This=0x665430) returned 0x2 [0148.660] WbemDefPath:IUnknown:Release (This=0x665430) returned 0x1 [0148.660] SetEvent (hEvent=0x3dc) returned 1 [0150.089] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673d60) returned 0x0 [0150.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x673d60, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0150.089] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673d60, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67ce10) returned 0x0 [0150.090] WbemDefPath:IUnknown:Release (This=0x673d60) returned 0x0 [0150.090] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67ce10) returned 0x0 [0150.090] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0150.090] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0150.091] WbemDefPath:IUnknown:AddRef (This=0x67ce10) returned 0x3 [0150.091] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0150.091] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0150.091] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x665c38) returned 0x0 [0150.091] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x665c38, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.091] WbemDefPath:IUnknown:Release (This=0x665c38) returned 0x3 [0150.091] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0150.091] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0150.091] WbemDefPath:IUnknown:QueryInterface (in: This=0x67ce10, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0150.092] WbemDefPath:IUnknown:Release (This=0x67ce10) returned 0x2 [0150.092] WbemDefPath:IUnknown:Release (This=0x67ce10) returned 0x1 [0150.092] SetEvent (hEvent=0x42c) returned 1 [0167.042] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673ca0) returned 0x0 [0167.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x673ca0, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.043] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673ca0, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67cda0) returned 0x0 [0167.043] WbemDefPath:IUnknown:Release (This=0x673ca0) returned 0x0 [0167.043] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67cda0) returned 0x0 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.044] WbemDefPath:IUnknown:AddRef (This=0x67cda0) returned 0x3 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.044] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x644388) returned 0x0 [0167.044] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x644388, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.044] WbemDefPath:IUnknown:Release (This=0x644388) returned 0x3 [0167.044] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.044] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.045] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cda0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.045] WbemDefPath:IUnknown:Release (This=0x67cda0) returned 0x2 [0167.045] WbemDefPath:IUnknown:Release (This=0x67cda0) returned 0x1 [0167.045] SetEvent (hEvent=0x430) returned 1 [0167.088] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673c90) returned 0x0 [0167.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x673c90, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.088] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673c90, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67cef0) returned 0x0 [0167.088] WbemDefPath:IUnknown:Release (This=0x673c90) returned 0x0 [0167.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67cef0) returned 0x0 [0167.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.089] WbemDefPath:IUnknown:AddRef (This=0x67cef0) returned 0x3 [0167.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x644430) returned 0x0 [0167.089] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x644430, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.089] WbemDefPath:IUnknown:Release (This=0x644430) returned 0x3 [0167.089] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.089] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cef0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.089] WbemDefPath:IUnknown:Release (This=0x67cef0) returned 0x2 [0167.089] WbemDefPath:IUnknown:Release (This=0x67cef0) returned 0x1 [0167.089] SetEvent (hEvent=0x438) returned 1 [0167.094] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673d40) returned 0x0 [0167.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x673d40, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.094] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673d40, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67cfd0) returned 0x0 [0167.095] WbemDefPath:IUnknown:Release (This=0x673d40) returned 0x0 [0167.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67cfd0) returned 0x0 [0167.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.095] WbemDefPath:IUnknown:AddRef (This=0x67cfd0) returned 0x3 [0167.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x644400) returned 0x0 [0167.096] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x644400, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.096] WbemDefPath:IUnknown:Release (This=0x644400) returned 0x3 [0167.096] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.096] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x67cfd0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.096] WbemDefPath:IUnknown:Release (This=0x67cfd0) returned 0x2 [0167.096] WbemDefPath:IUnknown:Release (This=0x67cfd0) returned 0x1 [0167.096] SetEvent (hEvent=0x43c) returned 1 [0167.216] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673c50) returned 0x0 [0167.216] WbemDefPath:IUnknown:QueryInterface (in: This=0x673c50, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.216] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673c50, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d4a0) returned 0x0 [0167.217] WbemDefPath:IUnknown:Release (This=0x673c50) returned 0x0 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d4a0) returned 0x0 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:AddRef (This=0x67d4a0) returned 0x3 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.217] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x6445e0) returned 0x0 [0167.217] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6445e0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.217] WbemDefPath:IUnknown:Release (This=0x6445e0) returned 0x3 [0167.218] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.218] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.218] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d4a0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.218] WbemDefPath:IUnknown:Release (This=0x67d4a0) returned 0x2 [0167.218] WbemDefPath:IUnknown:Release (This=0x67d4a0) returned 0x1 [0167.218] SetEvent (hEvent=0x454) returned 1 [0167.577] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673da0) returned 0x0 [0167.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x673da0, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.578] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673da0, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d0b0) returned 0x0 [0167.578] WbemDefPath:IUnknown:Release (This=0x673da0) returned 0x0 [0167.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d0b0) returned 0x0 [0167.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.578] WbemDefPath:IUnknown:AddRef (This=0x67d0b0) returned 0x3 [0167.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x6447d8) returned 0x0 [0167.579] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6447d8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.579] WbemDefPath:IUnknown:Release (This=0x6447d8) returned 0x3 [0167.579] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.579] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d0b0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.579] WbemDefPath:IUnknown:Release (This=0x67d0b0) returned 0x2 [0167.579] WbemDefPath:IUnknown:Release (This=0x67d0b0) returned 0x1 [0167.579] SetEvent (hEvent=0x458) returned 1 [0167.623] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673cc0) returned 0x0 [0167.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x673cc0, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.623] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673cc0, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d040) returned 0x0 [0167.623] WbemDefPath:IUnknown:Release (This=0x673cc0) returned 0x0 [0167.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d040) returned 0x0 [0167.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.624] WbemDefPath:IUnknown:AddRef (This=0x67d040) returned 0x3 [0167.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x644988) returned 0x0 [0167.624] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x644988, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.624] WbemDefPath:IUnknown:Release (This=0x644988) returned 0x3 [0167.624] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.624] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d040, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.624] WbemDefPath:IUnknown:Release (This=0x67d040) returned 0x2 [0167.624] WbemDefPath:IUnknown:Release (This=0x67d040) returned 0x1 [0167.624] SetEvent (hEvent=0x45c) returned 1 [0167.630] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673d60) returned 0x0 [0167.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x673d60, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.631] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673d60, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d120) returned 0x0 [0167.631] WbemDefPath:IUnknown:Release (This=0x673d60) returned 0x0 [0167.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d120) returned 0x0 [0167.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.631] WbemDefPath:IUnknown:AddRef (This=0x67d120) returned 0x3 [0167.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x8f59500) returned 0x0 [0167.631] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8f59500, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.631] WbemDefPath:IUnknown:Release (This=0x8f59500) returned 0x3 [0167.631] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.631] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.632] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d120, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.632] WbemDefPath:IUnknown:Release (This=0x67d120) returned 0x2 [0167.632] WbemDefPath:IUnknown:Release (This=0x67d120) returned 0x1 [0167.632] SetEvent (hEvent=0x464) returned 1 [0167.638] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673c50) returned 0x0 [0167.638] WbemDefPath:IUnknown:QueryInterface (in: This=0x673c50, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.639] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673c50, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d510) returned 0x0 [0167.639] WbemDefPath:IUnknown:Release (This=0x673c50) returned 0x0 [0167.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d510) returned 0x0 [0167.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.639] WbemDefPath:IUnknown:AddRef (This=0x67d510) returned 0x3 [0167.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x8f594b8) returned 0x0 [0167.639] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8f594b8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.639] WbemDefPath:IUnknown:Release (This=0x8f594b8) returned 0x3 [0167.639] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.640] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d510, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.640] WbemDefPath:IUnknown:Release (This=0x67d510) returned 0x2 [0167.640] WbemDefPath:IUnknown:Release (This=0x67d510) returned 0x1 [0167.640] SetEvent (hEvent=0x468) returned 1 [0167.648] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673ce0) returned 0x0 [0167.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x673ce0, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0167.648] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673ce0, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d190) returned 0x0 [0167.648] WbemDefPath:IUnknown:Release (This=0x673ce0) returned 0x0 [0167.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d190) returned 0x0 [0167.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0167.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0167.648] WbemDefPath:IUnknown:AddRef (This=0x67d190) returned 0x3 [0167.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0167.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0167.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x8f597d0) returned 0x0 [0167.649] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8f597d0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.649] WbemDefPath:IUnknown:Release (This=0x8f597d0) returned 0x3 [0167.649] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0167.649] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0167.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d190, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0167.649] WbemDefPath:IUnknown:Release (This=0x67d190) returned 0x2 [0167.649] WbemDefPath:IUnknown:Release (This=0x67d190) returned 0x1 [0167.649] SetEvent (hEvent=0x46c) returned 1 [0174.364] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x673be0) returned 0x0 [0174.364] WbemDefPath:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0174.364] WbemDefPath:IClassFactory:CreateInstance (in: This=0x673be0, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d200) returned 0x0 [0174.365] WbemDefPath:IUnknown:Release (This=0x673be0) returned 0x0 [0174.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d200) returned 0x0 [0174.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0174.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0174.365] WbemDefPath:IUnknown:AddRef (This=0x67d200) returned 0x3 [0174.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0174.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0174.365] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x8f554f8) returned 0x0 [0174.365] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8f554f8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.365] WbemDefPath:IUnknown:Release (This=0x8f554f8) returned 0x3 [0174.365] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0174.366] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0174.366] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d200, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0174.366] WbemDefPath:IUnknown:Release (This=0x67d200) returned 0x2 [0174.366] WbemDefPath:IUnknown:Release (This=0x67d200) returned 0x1 [0174.366] SetEvent (hEvent=0x4e0) returned 1 [0174.581] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x61b9f8) returned 0x0 [0174.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x61b9f8, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0174.582] WbemDefPath:IClassFactory:CreateInstance (in: This=0x61b9f8, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d270) returned 0x0 [0174.582] WbemDefPath:IUnknown:Release (This=0x61b9f8) returned 0x0 [0174.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d270) returned 0x0 [0174.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0174.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0174.582] WbemDefPath:IUnknown:AddRef (This=0x67d270) returned 0x3 [0174.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0174.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0174.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x8f55210) returned 0x0 [0174.583] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8f55210, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.583] WbemDefPath:IUnknown:Release (This=0x8f55210) returned 0x3 [0174.583] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0174.583] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0174.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d270, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0174.583] WbemDefPath:IUnknown:Release (This=0x67d270) returned 0x2 [0174.583] WbemDefPath:IUnknown:Release (This=0x67d270) returned 0x1 [0174.583] SetEvent (hEvent=0x4f8) returned 1 [0176.021] CoGetClassObject (in: rclsid=0x6551dc*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8dff2c8 | out: ppv=0x8dff2c8*=0x8f70080) returned 0x0 [0176.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x8f70080, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8dff4e4 | out: ppvObject=0x8dff4e4*=0x0) returned 0x80004002 [0176.022] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8f70080, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff4f0 | out: ppvObject=0x8dff4f0*=0x67d2e0) returned 0x0 [0176.022] WbemDefPath:IUnknown:Release (This=0x8f70080) returned 0x0 [0176.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dff114 | out: ppvObject=0x8dff114*=0x67d2e0) returned 0x0 [0176.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8dff0d0 | out: ppvObject=0x8dff0d0*=0x0) returned 0x80004002 [0176.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8dfecc4 | out: ppvObject=0x8dfecc4*=0x0) returned 0x80004002 [0176.022] WbemDefPath:IUnknown:AddRef (This=0x67d2e0) returned 0x3 [0176.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8dfea24 | out: ppvObject=0x8dfea24*=0x0) returned 0x80004002 [0176.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8dfe9d4 | out: ppvObject=0x8dfe9d4*=0x0) returned 0x80004002 [0176.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfe9e0 | out: ppvObject=0x8dfe9e0*=0x8f55360) returned 0x0 [0176.023] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x8f55360, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8dfe9e8 | out: pCid=0x8dfe9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0176.023] WbemDefPath:IUnknown:Release (This=0x8f55360) returned 0x3 [0176.023] CoGetContextToken (in: pToken=0x8dfea40 | out: pToken=0x8dfea40) returned 0x0 [0176.023] CoGetContextToken (in: pToken=0x8dfee48 | out: pToken=0x8dfee48) returned 0x0 [0176.023] WbemDefPath:IUnknown:QueryInterface (in: This=0x67d2e0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8dfeed4 | out: ppvObject=0x8dfeed4*=0x0) returned 0x80004002 [0176.023] WbemDefPath:IUnknown:Release (This=0x67d2e0) returned 0x2 [0176.023] WbemDefPath:IUnknown:Release (This=0x67d2e0) returned 0x1 [0176.023] SetEvent (hEvent=0x510) returned 1 Thread: id = 119 os_tid = 0x9e8 [0148.665] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0148.665] RoInitialize () returned 0x1 [0148.665] RoUninitialize () returned 0x0 [0148.666] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x8f3f7f4 | out: lpiid=0x8f3f7f4) returned 0x0 [0148.667] CoGetClassObject (in: rclsid=0x6555cc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8f3f500 | out: ppv=0x8f3f500*=0x665c20) returned 0x0 [0148.667] WbemLocator:IUnknown:QueryInterface (in: This=0x665c20, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f3f71c | out: ppvObject=0x8f3f71c*=0x0) returned 0x80004002 [0148.667] WbemLocator:IClassFactory:CreateInstance (in: This=0x665c20, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f728 | out: ppvObject=0x8f3f728*=0x673d30) returned 0x0 [0148.667] WbemLocator:IUnknown:Release (This=0x665c20) returned 0x0 [0148.667] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f34c | out: ppvObject=0x8f3f34c*=0x673d30) returned 0x0 [0148.668] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f3f308 | out: ppvObject=0x8f3f308*=0x0) returned 0x80004002 [0148.668] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8f3eefc | out: ppvObject=0x8f3eefc*=0x0) returned 0x80004002 [0148.668] WbemLocator:IUnknown:AddRef (This=0x673d30) returned 0x3 [0148.668] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f3ec5c | out: ppvObject=0x8f3ec5c*=0x0) returned 0x80004002 [0148.668] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f3ec0c | out: ppvObject=0x8f3ec0c*=0x0) returned 0x80004002 [0148.668] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3ec18 | out: ppvObject=0x8f3ec18*=0x0) returned 0x80004002 [0148.668] CoGetContextToken (in: pToken=0x8f3ec78 | out: pToken=0x8f3ec78) returned 0x0 [0148.668] CoGetObjectContext (in: riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x665a8c | out: ppv=0x665a8c*=0x5dfae8) returned 0x0 [0148.670] CoGetContextToken (in: pToken=0x8f3f080 | out: pToken=0x8f3f080) returned 0x0 [0148.670] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f10c | out: ppvObject=0x8f3f10c*=0x0) returned 0x80004002 [0148.670] WbemLocator:IUnknown:Release (This=0x673d30) returned 0x2 [0148.670] WbemLocator:IUnknown:Release (This=0x673d30) returned 0x1 [0148.670] CoGetContextToken (in: pToken=0x8f3f708 | out: pToken=0x8f3f708) returned 0x0 [0148.670] CoGetContextToken (in: pToken=0x8f3f668 | out: pToken=0x8f3f668) returned 0x0 [0148.670] WbemLocator:IUnknown:QueryInterface (in: This=0x673d30, riid=0x8f3f738*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8f3f734 | out: ppvObject=0x8f3f734*=0x673d30) returned 0x0 [0148.670] WbemLocator:IUnknown:AddRef (This=0x673d30) returned 0x3 [0148.670] WbemLocator:IUnknown:Release (This=0x673d30) returned 0x2 [0148.675] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x665430, puCount=0x8f3f8cc | out: puCount=0x8f3f8cc*=0x2) returned 0x0 [0148.676] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=8, puBuffLength=0x8f3f8c8*=0x0, pszText=0x0 | out: puBuffLength=0x8f3f8c8*=0xf, pszText=0x0) returned 0x0 [0148.676] WbemDefPath:IWbemPath:GetText (in: This=0x665430, lFlags=8, puBuffLength=0x8f3f8c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x8f3f8c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x8f3eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0148.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x8f3f048, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0148.740] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6f920000 [0148.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x8f3f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity ¥nì9`2(úænHóó\x08\x01", lpUsedDefaultChar=0x0) returned 13 [0148.892] GetProcAddress (hModule=0x6f920000, lpProcName="ResetSecurity") returned 0x6f922cc0 [0148.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x8f3f07c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0148.917] GetProcAddress (hModule=0x6f920000, lpProcName="SetSecurity") returned 0x6f922d10 [0148.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x8f3f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 18 [0148.951] GetProcAddress (hModule=0x6f920000, lpProcName="BlessIWbemServices") returned 0x6f922090 [0149.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x8f3f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 24 [0149.023] GetProcAddress (hModule=0x6f920000, lpProcName="BlessIWbemServicesObject") returned 0x6f9220f0 [0149.096] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x8f3f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 17 [0149.097] GetProcAddress (hModule=0x6f920000, lpProcName="GetPropertyHandle") returned 0x6f9227a0 [0149.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x8f3f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 18 [0149.142] GetProcAddress (hModule=0x6f920000, lpProcName="WritePropertyValue") returned 0x6f922e50 [0149.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8f3f084, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 5 [0149.194] GetProcAddress (hModule=0x6f920000, lpProcName="Clone") returned 0x6f922150 [0149.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x8f3f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0149.222] GetProcAddress (hModule=0x6f920000, lpProcName="VerifyClientKey") returned 0x6f922e00 [0149.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x8f3f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0149.242] GetProcAddress (hModule=0x6f920000, lpProcName="GetQualifierSet") returned 0x6f922860 [0149.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x8f3f084, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0149.246] GetProcAddress (hModule=0x6f920000, lpProcName="Get") returned 0x6f922630 [0149.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x8f3f084, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0149.295] GetProcAddress (hModule=0x6f920000, lpProcName="Put") returned 0x6f922970 [0149.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x8f3f084, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 6 [0149.340] GetProcAddress (hModule=0x6f920000, lpProcName="Delete") returned 0x6f922410 [0149.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x8f3f080, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 8 [0149.372] GetProcAddress (hModule=0x6f920000, lpProcName="GetNames") returned 0x6f922740 [0149.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x8f3f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 16 [0149.426] GetProcAddress (hModule=0x6f920000, lpProcName="BeginEnumeration") returned 0x6f922050 [0149.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x8f3f084, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 4 [0149.467] GetProcAddress (hModule=0x6f920000, lpProcName="Next") returned 0x6f922910 [0149.515] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x8f3f07c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 14 [0149.516] GetProcAddress (hModule=0x6f920000, lpProcName="EndEnumeration") returned 0x6f9224d0 [0149.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x8f3f070, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0149.569] GetProcAddress (hModule=0x6f920000, lpProcName="GetPropertyQualifierSet") returned 0x6f922830 [0149.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8f3f084, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 5 [0149.610] GetProcAddress (hModule=0x6f920000, lpProcName="Clone") returned 0x6f922150 [0149.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x8f3f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 13 [0149.610] GetProcAddress (hModule=0x6f920000, lpProcName="GetObjectText") returned 0x6f922770 [0149.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x8f3f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 17 [0149.652] GetProcAddress (hModule=0x6f920000, lpProcName="SpawnDerivedClass") returned 0x6f922d60 [0149.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x8f3f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 13 [0149.673] GetProcAddress (hModule=0x6f920000, lpProcName="SpawnInstance") returned 0x6f922d90 [0149.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x8f3f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 9 [0149.682] GetProcAddress (hModule=0x6f920000, lpProcName="CompareTo") returned 0x6f922200 [0149.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x8f3f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 17 [0149.702] GetProcAddress (hModule=0x6f920000, lpProcName="GetPropertyOrigin") returned 0x6f922800 [0149.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x8f3f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 12 [0149.720] GetProcAddress (hModule=0x6f920000, lpProcName="InheritsFrom") returned 0x6f922880 [0149.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x8f3f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 9 [0149.730] GetProcAddress (hModule=0x6f920000, lpProcName="GetMethod") returned 0x6f9226b0 [0149.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x8f3f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 9 [0149.746] GetProcAddress (hModule=0x6f920000, lpProcName="PutMethod") returned 0x6f922ae0 [0149.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x8f3f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 12 [0149.755] GetProcAddress (hModule=0x6f920000, lpProcName="DeleteMethod") returned 0x6f922430 [0149.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x8f3f074, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 22 [0149.756] GetProcAddress (hModule=0x6f920000, lpProcName="BeginMethodEnumeration") returned 0x6f922070 [0149.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x8f3f080, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 10 [0149.758] GetProcAddress (hModule=0x6f920000, lpProcName="NextMethod") returned 0x6f922940 [0149.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x8f3f074, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 20 [0149.765] GetProcAddress (hModule=0x6f920000, lpProcName="EndMethodEnumeration") returned 0x6f9224f0 [0149.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x8f3f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 21 [0149.765] GetProcAddress (hModule=0x6f920000, lpProcName="GetMethodQualifierSet") returned 0x6f922710 [0149.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x8f3f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0149.766] GetProcAddress (hModule=0x6f920000, lpProcName="GetMethodOrigin") returned 0x6f9226e0 [0149.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x8f3f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 16 [0149.767] GetProcAddress (hModule=0x6f920000, lpProcName="QualifierSet_Get") returned 0x6f922b70 [0149.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x8f3f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 16 [0149.775] GetProcAddress (hModule=0x6f920000, lpProcName="QualifierSet_Put") returned 0x6f922c00 [0149.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x8f3f074, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0149.781] GetProcAddress (hModule=0x6f920000, lpProcName="QualifierSet_Delete") returned 0x6f922b30 [0149.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x8f3f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 21 [0149.782] GetProcAddress (hModule=0x6f920000, lpProcName="QualifierSet_GetNames") returned 0x6f922ba0 [0149.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x8f3f06c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 29 [0149.787] GetProcAddress (hModule=0x6f920000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6f922b10 [0149.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x8f3f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 17 [0149.788] GetProcAddress (hModule=0x6f920000, lpProcName="QualifierSet_Next") returned 0x6f922bd0 [0149.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x8f3f06c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0149.794] GetProcAddress (hModule=0x6f920000, lpProcName="QualifierSet_EndEnumeration") returned 0x6f922b50 [0149.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x8f3f070, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0149.794] GetProcAddress (hModule=0x6f920000, lpProcName="GetCurrentApartmentType") returned 0x6f922860 [0149.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x8f3f074, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 20 [0149.803] GetProcAddress (hModule=0x6f920000, lpProcName="GetDemultiplexedStub") returned 0x6f922660 [0149.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x8f3f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 21 [0149.807] GetProcAddress (hModule=0x6f920000, lpProcName="CreateInstanceEnumWmi") returned 0x6f922380 [0149.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x8f3f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 18 [0149.882] GetProcAddress (hModule=0x6f920000, lpProcName="CreateClassEnumWmi") returned 0x6f9222f0 [0149.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x8f3f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 12 [0149.883] GetProcAddress (hModule=0x6f920000, lpProcName="ExecQueryWmi") returned 0x6f9225a0 [0149.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x8f3f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 24 [0149.898] GetProcAddress (hModule=0x6f920000, lpProcName="ExecNotificationQueryWmi") returned 0x6f922510 [0149.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x8f3f07c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 14 [0149.905] GetProcAddress (hModule=0x6f920000, lpProcName="PutInstanceWmi") returned 0x6f922a40 [0149.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x8f3f07c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0149.919] GetProcAddress (hModule=0x6f920000, lpProcName="PutClassWmi") returned 0x6f9229a0 [0149.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x8f3f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 24 [0149.924] GetProcAddress (hModule=0x6f920000, lpProcName="CloneEnumWbemClassObject") returned 0x6f922170 [0149.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x8f3f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi´ ¥nì9`2(úænHóó\x08", lpUsedDefaultChar=0x0) returned 16 [0149.949] GetProcAddress (hModule=0x6f920000, lpProcName="ConnectServerWmi") returned 0x6f922230 [0149.970] CoCreateInstance (in: rclsid=0x6f9213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f921414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8f3f7a4 | out: ppv=0x8f3f7a4*=0x673c10) returned 0x0 [0149.970] WbemLocator:IWbemLocator:ConnectServer (in: This=0x673c10, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8f3f838 | out: ppNamespace=0x8f3f838*=0x5d4090) returned 0x0 [0150.002] WbemLocator:IUnknown:QueryInterface (in: This=0x5d4090, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f6cc | out: ppvObject=0x8f3f6cc*=0x615fb4) returned 0x0 [0150.003] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x615fb4, pProxy=0x5d4090, pAuthnSvc=0x8f3f71c, pAuthzSvc=0x8f3f718, pServerPrincName=0x8f3f710, pAuthnLevel=0x8f3f714, pImpLevel=0x8f3f704, pAuthInfo=0x8f3f708, pCapabilites=0x8f3f70c | out: pAuthnSvc=0x8f3f71c*=0xa, pAuthzSvc=0x8f3f718*=0x0, pServerPrincName=0x8f3f710, pAuthnLevel=0x8f3f714*=0x6, pImpLevel=0x8f3f704*=0x2, pAuthInfo=0x8f3f708, pCapabilites=0x8f3f70c*=0x1) returned 0x0 [0150.003] WbemLocator:IUnknown:Release (This=0x615fb4) returned 0x1 [0150.003] WbemLocator:IUnknown:QueryInterface (in: This=0x5d4090, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f6c0 | out: ppvObject=0x8f3f6c0*=0x615fd8) returned 0x0 [0150.003] WbemLocator:IUnknown:QueryInterface (in: This=0x5d4090, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f6ac | out: ppvObject=0x8f3f6ac*=0x615fb4) returned 0x0 [0150.003] WbemLocator:IClientSecurity:SetBlanket (This=0x615fb4, pProxy=0x5d4090, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0150.003] WbemLocator:IUnknown:Release (This=0x615fb4) returned 0x2 [0150.003] WbemLocator:IUnknown:Release (This=0x615fd8) returned 0x1 [0150.004] CoTaskMemFree (pv=0x661438) [0150.004] WbemLocator:IUnknown:Release (This=0x673c10) returned 0x0 [0150.004] WbemLocator:IUnknown:QueryInterface (in: This=0x5d4090, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f2bc | out: ppvObject=0x8f3f2bc*=0x615fd8) returned 0x0 [0150.004] WbemLocator:IUnknown:QueryInterface (in: This=0x615fd8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8f3f278 | out: ppvObject=0x8f3f278*=0x0) returned 0x80004002 [0150.005] WbemLocator:IUnknown:QueryInterface (in: This=0x615fd8, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8f3f094 | out: ppvObject=0x8f3f094*=0x0) returned 0x80004002 [0150.005] WbemLocator:IUnknown:QueryInterface (in: This=0x5d4090, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x8f3ee6c | out: ppvObject=0x8f3ee6c*=0x0) returned 0x80004002 [0150.006] WbemLocator:IUnknown:AddRef (This=0x615fd8) returned 0x3 [0150.006] WbemLocator:IUnknown:QueryInterface (in: This=0x615fd8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8f3ebcc | out: ppvObject=0x8f3ebcc*=0x0) returned 0x80004002 [0150.006] WbemLocator:IUnknown:QueryInterface (in: This=0x615fd8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8f3eb7c | out: ppvObject=0x8f3eb7c*=0x0) returned 0x80004002 [0150.006] WbemLocator:IUnknown:QueryInterface (in: This=0x615fd8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3eb88 | out: ppvObject=0x8f3eb88*=0x615f34) returned 0x0 [0150.007] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x615f34, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8f3eb90 | out: pCid=0x8f3eb90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.007] WbemLocator:IUnknown:Release (This=0x615f34) returned 0x3 [0150.007] CoGetContextToken (in: pToken=0x8f3ebe8 | out: pToken=0x8f3ebe8) returned 0x0 [0150.007] CoGetContextToken (in: pToken=0x8f3eff0 | out: pToken=0x8f3eff0) returned 0x0 [0150.007] WbemLocator:IUnknown:QueryInterface (in: This=0x615fd8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f3f07c | out: ppvObject=0x8f3f07c*=0x615fbc) returned 0x0 [0150.007] WbemLocator:IRpcOptions:Query (in: This=0x615fbc, pPrx=0x615fd8, dwProperty=2, pdwValue=0x8f3f088 | out: pdwValue=0x8f3f088) returned 0x80004002 [0150.007] WbemLocator:IUnknown:Release (This=0x615fbc) returned 0x3 [0150.008] WbemLocator:IUnknown:Release (This=0x615fd8) returned 0x2 [0150.008] CoGetContextToken (in: pToken=0x8f3f5d0 | out: pToken=0x8f3f5d0) returned 0x0 [0150.008] CoGetContextToken (in: pToken=0x8f3f530 | out: pToken=0x8f3f530) returned 0x0 [0150.008] WbemLocator:IUnknown:QueryInterface (in: This=0x615fd8, riid=0x8f3f600*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8f3f5fc | out: ppvObject=0x8f3f5fc*=0x5d4090) returned 0x0 [0150.008] WbemLocator:IUnknown:AddRef (This=0x5d4090) returned 0x4 [0150.008] WbemLocator:IUnknown:Release (This=0x5d4090) returned 0x3 [0150.008] WbemLocator:IUnknown:Release (This=0x5d4090) returned 0x2 [0150.017] SysStringLen (param_1=0x0) returned 0x0 [0150.019] CoUninitialize () Thread: id = 120 os_tid = 0x5c0 [0150.036] CoGetContextToken (in: pToken=0x8f3f26c | out: pToken=0x8f3f26c) returned 0x0 [0150.036] CoGetContextToken (in: pToken=0x8f3f25c | out: pToken=0x8f3f25c) returned 0x0 [0150.037] CoGetMarshalSizeMax (in: pulSize=0x8f3f218, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x615fd8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x8f3f218) returned 0x0 [0150.039] CoMarshalInterface (pStm=0x649eb8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x615fd8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0167.161] CoGetContextToken (in: pToken=0x8f3f26c | out: pToken=0x8f3f26c) returned 0x0 [0167.161] CoGetContextToken (in: pToken=0x8f3f25c | out: pToken=0x8f3f25c) returned 0x0 [0167.161] CoGetMarshalSizeMax (in: pulSize=0x8f3f218, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6164d8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x8f3f218) returned 0x0 [0167.162] CoMarshalInterface (pStm=0x649c98, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x6164d8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0174.441] CoGetContextToken (in: pToken=0x8f3f26c | out: pToken=0x8f3f26c) returned 0x0 [0174.441] CoGetContextToken (in: pToken=0x8f3f25c | out: pToken=0x8f3f25c) returned 0x0 [0174.441] CoGetMarshalSizeMax (in: pulSize=0x8f3f218, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x682e38, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x8f3f218) returned 0x0 [0174.441] CoMarshalInterface (pStm=0x685c58, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x682e38, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0174.663] CoGetContextToken (in: pToken=0x8f3f26c | out: pToken=0x8f3f26c) returned 0x0 [0174.663] CoGetContextToken (in: pToken=0x8f3f25c | out: pToken=0x8f3f25c) returned 0x0 [0174.663] CoGetMarshalSizeMax (in: pulSize=0x8f3f218, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x683038, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x8f3f218) returned 0x0 [0174.664] CoMarshalInterface (pStm=0x685ab8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x683038, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0234.031] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x8f3fc64 | out: pperrinfo=0x8f3fc64*=0x0) returned 0x1 Thread: id = 122 os_tid = 0x1218 [0167.107] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0167.107] RoInitialize () returned 0x1 [0167.107] RoUninitialize () returned 0x0 [0167.109] CoGetClassObject (in: rclsid=0x6555cc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x907f480 | out: ppv=0x907f480*=0x6447c0) returned 0x0 [0167.109] WbemLocator:IUnknown:QueryInterface (in: This=0x6447c0, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x907f69c | out: ppvObject=0x907f69c*=0x0) returned 0x80004002 [0167.109] WbemLocator:IClassFactory:CreateInstance (in: This=0x6447c0, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907f6a8 | out: ppvObject=0x907f6a8*=0x673cf0) returned 0x0 [0167.110] WbemLocator:IUnknown:Release (This=0x6447c0) returned 0x0 [0167.110] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907f2cc | out: ppvObject=0x907f2cc*=0x673cf0) returned 0x0 [0167.110] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x907f288 | out: ppvObject=0x907f288*=0x0) returned 0x80004002 [0167.110] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x907ee7c | out: ppvObject=0x907ee7c*=0x0) returned 0x80004002 [0167.110] WbemLocator:IUnknown:AddRef (This=0x673cf0) returned 0x3 [0167.110] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x907ebdc | out: ppvObject=0x907ebdc*=0x0) returned 0x80004002 [0167.110] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x907eb8c | out: ppvObject=0x907eb8c*=0x0) returned 0x80004002 [0167.110] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907eb98 | out: ppvObject=0x907eb98*=0x0) returned 0x80004002 [0167.110] CoGetContextToken (in: pToken=0x907ebf8 | out: pToken=0x907ebf8) returned 0x0 [0167.112] CoGetContextToken (in: pToken=0x907f000 | out: pToken=0x907f000) returned 0x0 [0167.112] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907f08c | out: ppvObject=0x907f08c*=0x0) returned 0x80004002 [0167.112] WbemLocator:IUnknown:Release (This=0x673cf0) returned 0x2 [0167.112] WbemLocator:IUnknown:Release (This=0x673cf0) returned 0x1 [0167.112] CoGetContextToken (in: pToken=0x907f688 | out: pToken=0x907f688) returned 0x0 [0167.112] CoGetContextToken (in: pToken=0x907f5e8 | out: pToken=0x907f5e8) returned 0x0 [0167.112] WbemLocator:IUnknown:QueryInterface (in: This=0x673cf0, riid=0x907f6b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x907f6b4 | out: ppvObject=0x907f6b4*=0x673cf0) returned 0x0 [0167.112] WbemLocator:IUnknown:AddRef (This=0x673cf0) returned 0x3 [0167.112] WbemLocator:IUnknown:Release (This=0x673cf0) returned 0x2 [0167.113] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67cfd0, puCount=0x907f84c | out: puCount=0x907f84c*=0x2) returned 0x0 [0167.113] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=8, puBuffLength=0x907f848*=0x0, pszText=0x0 | out: puBuffLength=0x907f848*=0xf, pszText=0x0) returned 0x0 [0167.113] WbemDefPath:IWbemPath:GetText (in: This=0x67cfd0, lFlags=8, puBuffLength=0x907f848*=0xf, pszText="00000000000000" | out: puBuffLength=0x907f848*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.113] CoCreateInstance (in: rclsid=0x6f9213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f921414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x907f724 | out: ppv=0x907f724*=0x673c50) returned 0x0 [0167.113] WbemLocator:IWbemLocator:ConnectServer (in: This=0x673c50, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x907f7b8 | out: ppNamespace=0x907f7b8*=0x67da00) returned 0x0 [0167.149] WbemLocator:IUnknown:QueryInterface (in: This=0x67da00, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907f64c | out: ppvObject=0x907f64c*=0x6164b4) returned 0x0 [0167.149] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x6164b4, pProxy=0x67da00, pAuthnSvc=0x907f69c, pAuthzSvc=0x907f698, pServerPrincName=0x907f690, pAuthnLevel=0x907f694, pImpLevel=0x907f684, pAuthInfo=0x907f688, pCapabilites=0x907f68c | out: pAuthnSvc=0x907f69c*=0xa, pAuthzSvc=0x907f698*=0x0, pServerPrincName=0x907f690, pAuthnLevel=0x907f694*=0x6, pImpLevel=0x907f684*=0x2, pAuthInfo=0x907f688, pCapabilites=0x907f68c*=0x1) returned 0x0 [0167.149] WbemLocator:IUnknown:Release (This=0x6164b4) returned 0x1 [0167.149] WbemLocator:IUnknown:QueryInterface (in: This=0x67da00, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907f640 | out: ppvObject=0x907f640*=0x6164d8) returned 0x0 [0167.149] WbemLocator:IUnknown:QueryInterface (in: This=0x67da00, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907f62c | out: ppvObject=0x907f62c*=0x6164b4) returned 0x0 [0167.150] WbemLocator:IClientSecurity:SetBlanket (This=0x6164b4, pProxy=0x67da00, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.150] WbemLocator:IUnknown:Release (This=0x6164b4) returned 0x2 [0167.150] WbemLocator:IUnknown:Release (This=0x6164d8) returned 0x1 [0167.150] CoTaskMemFree (pv=0x661588) [0167.150] WbemLocator:IUnknown:Release (This=0x673c50) returned 0x0 [0167.150] WbemLocator:IUnknown:QueryInterface (in: This=0x67da00, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907f23c | out: ppvObject=0x907f23c*=0x6164d8) returned 0x0 [0167.151] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x907f1f8 | out: ppvObject=0x907f1f8*=0x0) returned 0x80004002 [0167.151] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x907f014 | out: ppvObject=0x907f014*=0x0) returned 0x80004002 [0167.152] WbemLocator:IUnknown:QueryInterface (in: This=0x67da00, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x907edec | out: ppvObject=0x907edec*=0x0) returned 0x80004002 [0167.152] WbemLocator:IUnknown:AddRef (This=0x6164d8) returned 0x3 [0167.153] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x907eb4c | out: ppvObject=0x907eb4c*=0x0) returned 0x80004002 [0167.153] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x907eafc | out: ppvObject=0x907eafc*=0x0) returned 0x80004002 [0167.153] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907eb08 | out: ppvObject=0x907eb08*=0x616434) returned 0x0 [0167.153] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x616434, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x907eb10 | out: pCid=0x907eb10*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.153] WbemLocator:IUnknown:Release (This=0x616434) returned 0x3 [0167.153] CoGetContextToken (in: pToken=0x907eb68 | out: pToken=0x907eb68) returned 0x0 [0167.153] CoGetContextToken (in: pToken=0x907ef70 | out: pToken=0x907ef70) returned 0x0 [0167.153] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x907effc | out: ppvObject=0x907effc*=0x6164bc) returned 0x0 [0167.153] WbemLocator:IRpcOptions:Query (in: This=0x6164bc, pPrx=0x6164d8, dwProperty=2, pdwValue=0x907f008 | out: pdwValue=0x907f008) returned 0x80004002 [0167.154] WbemLocator:IUnknown:Release (This=0x6164bc) returned 0x3 [0167.154] WbemLocator:IUnknown:Release (This=0x6164d8) returned 0x2 [0167.154] CoGetContextToken (in: pToken=0x907f550 | out: pToken=0x907f550) returned 0x0 [0167.154] CoGetContextToken (in: pToken=0x907f4b0 | out: pToken=0x907f4b0) returned 0x0 [0167.154] WbemLocator:IUnknown:QueryInterface (in: This=0x6164d8, riid=0x907f580*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x907f57c | out: ppvObject=0x907f57c*=0x67da00) returned 0x0 [0167.154] WbemLocator:IUnknown:AddRef (This=0x67da00) returned 0x4 [0167.154] WbemLocator:IUnknown:Release (This=0x67da00) returned 0x3 [0167.154] WbemLocator:IUnknown:Release (This=0x67da00) returned 0x2 [0167.154] SysStringLen (param_1=0x0) returned 0x0 [0167.155] CoUninitialize () Thread: id = 126 os_tid = 0x123c [0167.883] CoGetContextToken (in: pToken=0x90cfebc | out: pToken=0x90cfebc) returned 0x0 [0167.883] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x90cfee0 | out: ppvObject=0x90cfee0*=0x5dfaf4) returned 0x0 [0167.912] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x90cff0c | out: pThreadType=0x90cff0c*=0) returned 0x0 [0167.912] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0167.912] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0167.912] RoInitialize () returned 0x1 [0167.912] RoUninitialize () returned 0x0 Thread: id = 127 os_tid = 0x124c [0168.148] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0168.149] CoGetContextToken (in: pToken=0x920fbc4 | out: pToken=0x920fbc4) returned 0x0 [0168.149] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x920fbe8 | out: ppvObject=0x920fbe8*=0x5dfaf4) returned 0x0 [0168.149] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x920fc14 | out: pThreadType=0x920fc14*=0) returned 0x0 [0168.150] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0168.150] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0168.150] CoUninitialize () [0168.150] RoInitialize () returned 0x1 [0168.150] RoUninitialize () returned 0x0 [0168.153] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x920f8c8 | out: UnbiasedTime=0x920f8c8) returned 1 [0168.154] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x920f8b8 | out: UnbiasedTime=0x920f8b8) returned 1 [0188.713] CoUninitialize () Thread: id = 128 os_tid = 0x1230 Thread: id = 129 os_tid = 0x122c [0174.374] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0174.374] RoInitialize () returned 0x1 [0174.374] RoUninitialize () returned 0x0 [0174.376] CoGetClassObject (in: rclsid=0x6555cc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x93ef380 | out: ppv=0x93ef380*=0x8f55690) returned 0x0 [0174.376] WbemLocator:IUnknown:QueryInterface (in: This=0x8f55690, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x93ef59c | out: ppvObject=0x93ef59c*=0x0) returned 0x80004002 [0174.376] WbemLocator:IClassFactory:CreateInstance (in: This=0x8f55690, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef5a8 | out: ppvObject=0x93ef5a8*=0x673be0) returned 0x0 [0174.376] WbemLocator:IUnknown:Release (This=0x8f55690) returned 0x0 [0174.377] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef1cc | out: ppvObject=0x93ef1cc*=0x673be0) returned 0x0 [0174.377] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x93ef188 | out: ppvObject=0x93ef188*=0x0) returned 0x80004002 [0174.377] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x93eed7c | out: ppvObject=0x93eed7c*=0x0) returned 0x80004002 [0174.377] WbemLocator:IUnknown:AddRef (This=0x673be0) returned 0x3 [0174.377] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x93eeadc | out: ppvObject=0x93eeadc*=0x0) returned 0x80004002 [0174.377] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x93eea8c | out: ppvObject=0x93eea8c*=0x0) returned 0x80004002 [0174.377] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93eea98 | out: ppvObject=0x93eea98*=0x0) returned 0x80004002 [0174.377] CoGetContextToken (in: pToken=0x93eeaf8 | out: pToken=0x93eeaf8) returned 0x0 [0174.378] CoGetContextToken (in: pToken=0x93eef00 | out: pToken=0x93eef00) returned 0x0 [0174.378] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93eef8c | out: ppvObject=0x93eef8c*=0x0) returned 0x80004002 [0174.378] WbemLocator:IUnknown:Release (This=0x673be0) returned 0x2 [0174.378] WbemLocator:IUnknown:Release (This=0x673be0) returned 0x1 [0174.378] CoGetContextToken (in: pToken=0x93ef588 | out: pToken=0x93ef588) returned 0x0 [0174.378] CoGetContextToken (in: pToken=0x93ef4e8 | out: pToken=0x93ef4e8) returned 0x0 [0174.378] WbemLocator:IUnknown:QueryInterface (in: This=0x673be0, riid=0x93ef5b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x93ef5b4 | out: ppvObject=0x93ef5b4*=0x673be0) returned 0x0 [0174.379] WbemLocator:IUnknown:AddRef (This=0x673be0) returned 0x3 [0174.379] WbemLocator:IUnknown:Release (This=0x673be0) returned 0x2 [0174.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x93ef74c | out: puCount=0x93ef74c*=0x2) returned 0x0 [0174.379] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=8, puBuffLength=0x93ef748*=0x0, pszText=0x0 | out: puBuffLength=0x93ef748*=0xf, pszText=0x0) returned 0x0 [0174.379] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=8, puBuffLength=0x93ef748*=0xf, pszText="00000000000000" | out: puBuffLength=0x93ef748*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.379] CoCreateInstance (in: rclsid=0x6f9213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f921414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x93ef624 | out: ppv=0x93ef624*=0x673ae0) returned 0x0 [0174.379] WbemLocator:IWbemLocator:ConnectServer (in: This=0x673ae0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x93ef6b8 | out: ppNamespace=0x93ef6b8*=0x67e180) returned 0x0 [0174.432] WbemLocator:IUnknown:QueryInterface (in: This=0x67e180, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef54c | out: ppvObject=0x93ef54c*=0x682e14) returned 0x0 [0174.433] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x682e14, pProxy=0x67e180, pAuthnSvc=0x93ef59c, pAuthzSvc=0x93ef598, pServerPrincName=0x93ef590, pAuthnLevel=0x93ef594, pImpLevel=0x93ef584, pAuthInfo=0x93ef588, pCapabilites=0x93ef58c | out: pAuthnSvc=0x93ef59c*=0xa, pAuthzSvc=0x93ef598*=0x0, pServerPrincName=0x93ef590, pAuthnLevel=0x93ef594*=0x6, pImpLevel=0x93ef584*=0x2, pAuthInfo=0x93ef588, pCapabilites=0x93ef58c*=0x1) returned 0x0 [0174.433] WbemLocator:IUnknown:Release (This=0x682e14) returned 0x1 [0174.433] WbemLocator:IUnknown:QueryInterface (in: This=0x67e180, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef540 | out: ppvObject=0x93ef540*=0x682e38) returned 0x0 [0174.433] WbemLocator:IUnknown:QueryInterface (in: This=0x67e180, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef52c | out: ppvObject=0x93ef52c*=0x682e14) returned 0x0 [0174.433] WbemLocator:IClientSecurity:SetBlanket (This=0x682e14, pProxy=0x67e180, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.433] WbemLocator:IUnknown:Release (This=0x682e14) returned 0x2 [0174.433] WbemLocator:IUnknown:Release (This=0x682e38) returned 0x1 [0174.433] CoTaskMemFree (pv=0x6612e8) [0174.433] WbemLocator:IUnknown:Release (This=0x673ae0) returned 0x0 [0174.433] WbemLocator:IUnknown:QueryInterface (in: This=0x67e180, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef13c | out: ppvObject=0x93ef13c*=0x682e38) returned 0x0 [0174.434] WbemLocator:IUnknown:QueryInterface (in: This=0x682e38, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x93ef0f8 | out: ppvObject=0x93ef0f8*=0x0) returned 0x80004002 [0174.435] WbemLocator:IUnknown:QueryInterface (in: This=0x682e38, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x93eef14 | out: ppvObject=0x93eef14*=0x0) returned 0x80004002 [0174.435] WbemLocator:IUnknown:QueryInterface (in: This=0x67e180, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x93eecec | out: ppvObject=0x93eecec*=0x0) returned 0x80004002 [0174.436] WbemLocator:IUnknown:AddRef (This=0x682e38) returned 0x3 [0174.436] WbemLocator:IUnknown:QueryInterface (in: This=0x682e38, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x93eea4c | out: ppvObject=0x93eea4c*=0x0) returned 0x80004002 [0174.436] WbemLocator:IUnknown:QueryInterface (in: This=0x682e38, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x93ee9fc | out: ppvObject=0x93ee9fc*=0x0) returned 0x80004002 [0174.436] WbemLocator:IUnknown:QueryInterface (in: This=0x682e38, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93eea08 | out: ppvObject=0x93eea08*=0x682d94) returned 0x0 [0174.436] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682d94, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x93eea10 | out: pCid=0x93eea10*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.436] WbemLocator:IUnknown:Release (This=0x682d94) returned 0x3 [0174.436] CoGetContextToken (in: pToken=0x93eea68 | out: pToken=0x93eea68) returned 0x0 [0174.436] CoGetContextToken (in: pToken=0x93eee70 | out: pToken=0x93eee70) returned 0x0 [0174.436] WbemLocator:IUnknown:QueryInterface (in: This=0x682e38, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93eeefc | out: ppvObject=0x93eeefc*=0x682e1c) returned 0x0 [0174.436] WbemLocator:IRpcOptions:Query (in: This=0x682e1c, pPrx=0x682e38, dwProperty=2, pdwValue=0x93eef08 | out: pdwValue=0x93eef08) returned 0x80004002 [0174.437] WbemLocator:IUnknown:Release (This=0x682e1c) returned 0x3 [0174.437] WbemLocator:IUnknown:Release (This=0x682e38) returned 0x2 [0174.437] CoGetContextToken (in: pToken=0x93ef450 | out: pToken=0x93ef450) returned 0x0 [0174.437] CoGetContextToken (in: pToken=0x93ef3b0 | out: pToken=0x93ef3b0) returned 0x0 [0174.437] WbemLocator:IUnknown:QueryInterface (in: This=0x682e38, riid=0x93ef480*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x93ef47c | out: ppvObject=0x93ef47c*=0x67e180) returned 0x0 [0174.437] WbemLocator:IUnknown:AddRef (This=0x67e180) returned 0x4 [0174.437] WbemLocator:IUnknown:Release (This=0x67e180) returned 0x3 [0174.437] WbemLocator:IUnknown:Release (This=0x67e180) returned 0x2 [0174.437] SysStringLen (param_1=0x0) returned 0x0 [0174.437] CoUninitialize () Thread: id = 130 os_tid = 0x1220 [0174.622] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0174.622] RoInitialize () returned 0x1 [0174.622] RoUninitialize () returned 0x0 [0174.623] CoGetClassObject (in: rclsid=0x6555cc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6efe4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x93ef300 | out: ppv=0x93ef300*=0x8f55300) returned 0x0 [0174.624] WbemLocator:IUnknown:QueryInterface (in: This=0x8f55300, riid=0x6efc79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x93ef51c | out: ppvObject=0x93ef51c*=0x0) returned 0x80004002 [0174.624] WbemLocator:IClassFactory:CreateInstance (in: This=0x8f55300, pUnkOuter=0x0, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef528 | out: ppvObject=0x93ef528*=0x61bac8) returned 0x0 [0174.624] WbemLocator:IUnknown:Release (This=0x8f55300) returned 0x0 [0174.624] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef14c | out: ppvObject=0x93ef14c*=0x61bac8) returned 0x0 [0174.624] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x93ef108 | out: ppvObject=0x93ef108*=0x0) returned 0x80004002 [0174.624] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x93eecfc | out: ppvObject=0x93eecfc*=0x0) returned 0x80004002 [0174.624] WbemLocator:IUnknown:AddRef (This=0x61bac8) returned 0x3 [0174.624] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x93eea5c | out: ppvObject=0x93eea5c*=0x0) returned 0x80004002 [0174.624] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x93eea0c | out: ppvObject=0x93eea0c*=0x0) returned 0x80004002 [0174.625] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93eea18 | out: ppvObject=0x93eea18*=0x0) returned 0x80004002 [0174.625] CoGetContextToken (in: pToken=0x93eea78 | out: pToken=0x93eea78) returned 0x0 [0174.625] CoGetContextToken (in: pToken=0x93eee80 | out: pToken=0x93eee80) returned 0x0 [0174.625] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93eef0c | out: ppvObject=0x93eef0c*=0x0) returned 0x80004002 [0174.625] WbemLocator:IUnknown:Release (This=0x61bac8) returned 0x2 [0174.625] WbemLocator:IUnknown:Release (This=0x61bac8) returned 0x1 [0174.626] CoGetContextToken (in: pToken=0x93ef508 | out: pToken=0x93ef508) returned 0x0 [0174.626] CoGetContextToken (in: pToken=0x93ef468 | out: pToken=0x93ef468) returned 0x0 [0174.626] WbemLocator:IUnknown:QueryInterface (in: This=0x61bac8, riid=0x93ef538*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x93ef534 | out: ppvObject=0x93ef534*=0x61bac8) returned 0x0 [0174.626] WbemLocator:IUnknown:AddRef (This=0x61bac8) returned 0x3 [0174.626] WbemLocator:IUnknown:Release (This=0x61bac8) returned 0x2 [0174.626] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64be70, puCount=0x93ef6cc | out: puCount=0x93ef6cc*=0x2) returned 0x0 [0174.626] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=8, puBuffLength=0x93ef6c8*=0x0, pszText=0x0 | out: puBuffLength=0x93ef6c8*=0xf, pszText=0x0) returned 0x0 [0174.626] WbemDefPath:IWbemPath:GetText (in: This=0x64be70, lFlags=8, puBuffLength=0x93ef6c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x93ef6c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0174.626] CoCreateInstance (in: rclsid=0x6f9213b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f921414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x93ef5a4 | out: ppv=0x93ef5a4*=0x61b9f8) returned 0x0 [0174.626] WbemLocator:IWbemLocator:ConnectServer (in: This=0x61b9f8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x93ef638 | out: ppNamespace=0x93ef638*=0x67e450) returned 0x0 [0174.653] WbemLocator:IUnknown:QueryInterface (in: This=0x67e450, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef4cc | out: ppvObject=0x93ef4cc*=0x683014) returned 0x0 [0174.653] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x683014, pProxy=0x67e450, pAuthnSvc=0x93ef51c, pAuthzSvc=0x93ef518, pServerPrincName=0x93ef510, pAuthnLevel=0x93ef514, pImpLevel=0x93ef504, pAuthInfo=0x93ef508, pCapabilites=0x93ef50c | out: pAuthnSvc=0x93ef51c*=0xa, pAuthzSvc=0x93ef518*=0x0, pServerPrincName=0x93ef510, pAuthnLevel=0x93ef514*=0x6, pImpLevel=0x93ef504*=0x2, pAuthInfo=0x93ef508, pCapabilites=0x93ef50c*=0x1) returned 0x0 [0174.654] WbemLocator:IUnknown:Release (This=0x683014) returned 0x1 [0174.654] WbemLocator:IUnknown:QueryInterface (in: This=0x67e450, riid=0x6f921224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef4c0 | out: ppvObject=0x93ef4c0*=0x683038) returned 0x0 [0174.654] WbemLocator:IUnknown:QueryInterface (in: This=0x67e450, riid=0x6f921234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef4ac | out: ppvObject=0x93ef4ac*=0x683014) returned 0x0 [0174.654] WbemLocator:IClientSecurity:SetBlanket (This=0x683014, pProxy=0x67e450, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.654] WbemLocator:IUnknown:Release (This=0x683014) returned 0x2 [0174.654] WbemLocator:IUnknown:Release (This=0x683038) returned 0x1 [0174.654] CoTaskMemFree (pv=0x6614f8) [0174.654] WbemLocator:IUnknown:Release (This=0x61b9f8) returned 0x0 [0174.655] WbemLocator:IUnknown:QueryInterface (in: This=0x67e450, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ef0bc | out: ppvObject=0x93ef0bc*=0x683038) returned 0x0 [0174.655] WbemLocator:IUnknown:QueryInterface (in: This=0x683038, riid=0x6f009c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x93ef078 | out: ppvObject=0x93ef078*=0x0) returned 0x80004002 [0174.656] WbemLocator:IUnknown:QueryInterface (in: This=0x683038, riid=0x6f009bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x93eee94 | out: ppvObject=0x93eee94*=0x0) returned 0x80004002 [0174.656] WbemLocator:IUnknown:QueryInterface (in: This=0x67e450, riid=0x6f009c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x93eec6c | out: ppvObject=0x93eec6c*=0x0) returned 0x80004002 [0174.657] WbemLocator:IUnknown:AddRef (This=0x683038) returned 0x3 [0174.657] WbemLocator:IUnknown:QueryInterface (in: This=0x683038, riid=0x6f0098cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x93ee9cc | out: ppvObject=0x93ee9cc*=0x0) returned 0x80004002 [0174.657] WbemLocator:IUnknown:QueryInterface (in: This=0x683038, riid=0x6f009820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x93ee97c | out: ppvObject=0x93ee97c*=0x0) returned 0x80004002 [0174.657] WbemLocator:IUnknown:QueryInterface (in: This=0x683038, riid=0x6eeaa540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93ee988 | out: ppvObject=0x93ee988*=0x682f94) returned 0x0 [0174.658] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x682f94, riid=0x6ee9de2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x93ee990 | out: pCid=0x93ee990*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.658] WbemLocator:IUnknown:Release (This=0x682f94) returned 0x3 [0174.658] CoGetContextToken (in: pToken=0x93ee9e8 | out: pToken=0x93ee9e8) returned 0x0 [0174.658] CoGetContextToken (in: pToken=0x93eedf0 | out: pToken=0x93eedf0) returned 0x0 [0174.658] WbemLocator:IUnknown:QueryInterface (in: This=0x683038, riid=0x6f009b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x93eee7c | out: ppvObject=0x93eee7c*=0x68301c) returned 0x0 [0174.658] WbemLocator:IRpcOptions:Query (in: This=0x68301c, pPrx=0x683038, dwProperty=2, pdwValue=0x93eee88 | out: pdwValue=0x93eee88) returned 0x80004002 [0174.658] WbemLocator:IUnknown:Release (This=0x68301c) returned 0x3 [0174.658] WbemLocator:IUnknown:Release (This=0x683038) returned 0x2 [0174.658] CoGetContextToken (in: pToken=0x93ef3d0 | out: pToken=0x93ef3d0) returned 0x0 [0174.658] CoGetContextToken (in: pToken=0x93ef330 | out: pToken=0x93ef330) returned 0x0 [0174.658] WbemLocator:IUnknown:QueryInterface (in: This=0x683038, riid=0x93ef400*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x93ef3fc | out: ppvObject=0x93ef3fc*=0x67e450) returned 0x0 [0174.658] WbemLocator:IUnknown:AddRef (This=0x67e450) returned 0x4 [0174.658] WbemLocator:IUnknown:Release (This=0x67e450) returned 0x3 [0174.658] WbemLocator:IUnknown:Release (This=0x67e450) returned 0x2 [0174.659] SysStringLen (param_1=0x0) returned 0x0 [0174.659] CoUninitialize () Thread: id = 131 os_tid = 0x1248 [0177.672] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0177.672] RoInitialize () returned 0x1 [0177.673] RoUninitialize () returned 0x0 [0177.675] ResetEvent (hEvent=0x230) returned 1 [0228.127] SetEvent (hEvent=0x230) returned 1 [0278.144] SetEvent (hEvent=0x230) returned 1 Thread: id = 132 os_tid = 0xb04 [0197.914] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0197.915] CoGetContextToken (in: pToken=0x920f9c4 | out: pToken=0x920f9c4) returned 0x0 [0197.915] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x920f9e8 | out: ppvObject=0x920f9e8*=0x5dfaf4) returned 0x0 [0197.916] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x920fa14 | out: pThreadType=0x920fa14*=0) returned 0x0 [0197.916] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0197.916] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0197.916] CoUninitialize () [0197.916] RoInitialize () returned 0x1 [0197.916] RoUninitialize () returned 0x0 [0197.917] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x920f6c8 | out: UnbiasedTime=0x920f6c8) returned 1 [0197.917] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x920f6b8 | out: UnbiasedTime=0x920f6b8) returned 1 [0197.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x920f5b4 | out: lpSystemTimeAsFileTime=0x920f5b4*(dwLowDateTime=0xe4949c62, dwHighDateTime=0x1d8a8b9)) [0197.996] GetLastInputInfo (in: plii=0x63689e0 | out: plii=0x63689e0*(cbSize=0x8, dwTime=0xee0931)) returned 1 [0218.015] CoUninitialize () Thread: id = 133 os_tid = 0x668 Thread: id = 134 os_tid = 0x6d8 [0198.003] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0198.004] CoGetContextToken (in: pToken=0x96cf944 | out: pToken=0x96cf944) returned 0x0 [0198.004] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x96cf968 | out: ppvObject=0x96cf968*=0x5dfaf4) returned 0x0 [0198.005] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x96cf994 | out: pThreadType=0x96cf994*=0) returned 0x0 [0198.005] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0198.005] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0198.005] CoUninitialize () [0198.005] RoInitialize () returned 0x1 [0198.005] RoUninitialize () returned 0x0 [0218.123] CoUninitialize () Thread: id = 159 os_tid = 0x340 [0227.979] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0227.981] CoGetContextToken (in: pToken=0x79f8c4 | out: pToken=0x79f8c4) returned 0x0 [0227.981] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x79f8e8 | out: ppvObject=0x79f8e8*=0x5dfaf4) returned 0x0 [0227.982] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x79f914 | out: pThreadType=0x79f914*=0) returned 0x0 [0227.982] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0227.982] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0227.982] CoUninitialize () [0227.982] RoInitialize () returned 0x1 [0227.982] RoUninitialize () returned 0x0 [0227.983] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x79f5c8 | out: UnbiasedTime=0x79f5c8) returned 1 [0227.984] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x79f5b8 | out: UnbiasedTime=0x79f5b8) returned 1 [0227.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x79f4b4 | out: lpSystemTimeAsFileTime=0x79f4b4*(dwLowDateTime=0xf68005d6, dwHighDateTime=0x1d8a8b9)) [0227.987] GetLastInputInfo (in: plii=0x63689e0 | out: plii=0x63689e0*(cbSize=0x8, dwTime=0xee7f7b)) returned 1 [0248.003] CoUninitialize () Thread: id = 160 os_tid = 0x7a0 Thread: id = 161 os_tid = 0x838 [0227.997] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0227.998] CoGetContextToken (in: pToken=0x96cf844 | out: pToken=0x96cf844) returned 0x0 [0227.998] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x96cf868 | out: ppvObject=0x96cf868*=0x5dfaf4) returned 0x0 [0227.999] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x96cf894 | out: pThreadType=0x96cf894*=0) returned 0x0 [0227.999] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0227.999] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0227.999] CoUninitialize () [0227.999] RoInitialize () returned 0x1 [0227.999] RoUninitialize () returned 0x0 [0248.011] CoUninitialize () Thread: id = 163 os_tid = 0xad0 [0258.069] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0258.071] CoGetContextToken (in: pToken=0x79f7c4 | out: pToken=0x79f7c4) returned 0x0 [0258.071] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x79f7e8 | out: ppvObject=0x79f7e8*=0x5dfaf4) returned 0x0 [0258.072] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x79f814 | out: pThreadType=0x79f814*=0) returned 0x0 [0258.072] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0258.072] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0258.072] CoUninitialize () [0258.072] RoInitialize () returned 0x1 [0258.072] RoUninitialize () returned 0x0 [0258.073] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x79f4c8 | out: UnbiasedTime=0x79f4c8) returned 1 [0258.074] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x79f4b8 | out: UnbiasedTime=0x79f4b8) returned 1 [0258.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x79f3b4 | out: lpSystemTimeAsFileTime=0x79f3b4*(dwLowDateTime=0x86d530c, dwHighDateTime=0x1d8a8ba)) [0258.076] GetLastInputInfo (in: plii=0x63689e0 | out: plii=0x63689e0*(cbSize=0x8, dwTime=0xeef4ca)) returned 1 [0278.091] CoUninitialize () Thread: id = 164 os_tid = 0x46c Thread: id = 165 os_tid = 0x970 [0288.109] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0288.111] CoGetContextToken (in: pToken=0x91cf744 | out: pToken=0x91cf744) returned 0x0 [0288.111] IUnknown:QueryInterface (in: This=0x5dfae8, riid=0x6ef638a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x91cf768 | out: ppvObject=0x91cf768*=0x5dfaf4) returned 0x0 [0288.112] IComThreadingInfo:GetCurrentThreadType (in: This=0x5dfaf4, pThreadType=0x91cf794 | out: pThreadType=0x91cf794*=0) returned 0x0 [0288.112] IUnknown:Release (This=0x5dfaf4) returned 0x1 [0288.112] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0288.112] CoUninitialize () [0288.112] RoInitialize () returned 0x1 [0288.112] RoUninitialize () returned 0x0 [0288.113] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x91cf448 | out: UnbiasedTime=0x91cf448) returned 1 [0288.114] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x91cf438 | out: UnbiasedTime=0x91cf438) returned 1 [0288.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x91cf334 | out: lpSystemTimeAsFileTime=0x91cf334*(dwLowDateTime=0x1a565aa8, dwHighDateTime=0x1d8a8ba)) [0288.115] GetLastInputInfo (in: plii=0x63689e0 | out: plii=0x63689e0*(cbSize=0x8, dwTime=0xef69fa)) returned 1 [0308.115] CoUninitialize () Thread: id = 166 os_tid = 0x4e8 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75956000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 530 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 531 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 532 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 533 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 534 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 535 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 536 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 537 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 538 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 539 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 540 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 541 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 542 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 543 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 544 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 545 start_va = 0x420000 end_va = 0x422fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 546 start_va = 0x430000 end_va = 0x431fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 547 start_va = 0x440000 end_va = 0x441fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 548 start_va = 0x450000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 549 start_va = 0x460000 end_va = 0x46ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 550 start_va = 0x470000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 551 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 552 start_va = 0x540000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 553 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 554 start_va = 0x5d0000 end_va = 0x5d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 555 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 556 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 557 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 558 start_va = 0x890000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 559 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 560 start_va = 0x8b0000 end_va = 0x8bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 561 start_va = 0x8c0000 end_va = 0x8c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 562 start_va = 0x8e0000 end_va = 0x8e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 563 start_va = 0x8f0000 end_va = 0x8f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 564 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 565 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 566 start_va = 0xb90000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 567 start_va = 0xc90000 end_va = 0xc93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 568 start_va = 0xca0000 end_va = 0xcb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 569 start_va = 0xcc0000 end_va = 0xcc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 570 start_va = 0xcd0000 end_va = 0xd14fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 571 start_va = 0xd20000 end_va = 0xd2cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 572 start_va = 0xd30000 end_va = 0xd36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 573 start_va = 0xdc0000 end_va = 0xdc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 574 start_va = 0xdd0000 end_va = 0xdd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 575 start_va = 0xde0000 end_va = 0xde1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 576 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 577 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 578 start_va = 0x1000000 end_va = 0x1336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 579 start_va = 0x1340000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 580 start_va = 0x1440000 end_va = 0x153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 581 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 582 start_va = 0x15c0000 end_va = 0x15c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015c0000" filename = "" Region: id = 583 start_va = 0x15d0000 end_va = 0x15e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dnsapi.dll.mui" filename = "\\Windows\\System32\\en-US\\dnsapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dnsapi.dll.mui") Region: id = 584 start_va = 0x15f0000 end_va = 0x15f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 585 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 586 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 587 start_va = 0x1800000 end_va = 0x18dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 588 start_va = 0x18e0000 end_va = 0x18f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 589 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 590 start_va = 0x1a00000 end_va = 0x1a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 591 start_va = 0x1a80000 end_va = 0x1b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a80000" filename = "" Region: id = 592 start_va = 0x1b80000 end_va = 0x1c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 593 start_va = 0x1c80000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 594 start_va = 0x1d00000 end_va = 0x1d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 595 start_va = 0x1d80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 596 start_va = 0x1e80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 597 start_va = 0x1f80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 598 start_va = 0x2080000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 599 start_va = 0x2180000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 600 start_va = 0x2280000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 601 start_va = 0x2380000 end_va = 0x247ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 602 start_va = 0x2480000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 603 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 604 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 605 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 606 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 607 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 608 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 609 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 610 start_va = 0x2c00000 end_va = 0x2c8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 611 start_va = 0x2c90000 end_va = 0x2d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c90000" filename = "" Region: id = 612 start_va = 0x2d10000 end_va = 0x2e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d10000" filename = "" Region: id = 613 start_va = 0x2e10000 end_va = 0x2f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 614 start_va = 0x3010000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003010000" filename = "" Region: id = 615 start_va = 0x3150000 end_va = 0x3156fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 616 start_va = 0x3190000 end_va = 0x328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 617 start_va = 0x3290000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 618 start_va = 0x3310000 end_va = 0x338ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 619 start_va = 0x3390000 end_va = 0x3396fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 620 start_va = 0x3570000 end_va = 0x35effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 621 start_va = 0x3670000 end_va = 0x376ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 622 start_va = 0x3770000 end_va = 0x386ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 623 start_va = 0x3870000 end_va = 0x38effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003870000" filename = "" Region: id = 624 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 625 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 626 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 627 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 628 start_va = 0x3c80000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 629 start_va = 0x3e00000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 630 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 631 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 632 start_va = 0x4100000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 633 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 634 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 635 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 636 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 637 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 638 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 639 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 640 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 641 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 642 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 643 start_va = 0x4d00000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 644 start_va = 0x4e80000 end_va = 0x4e86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 645 start_va = 0x4f90000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f90000" filename = "" Region: id = 646 start_va = 0x50b0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 647 start_va = 0x51b0000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 648 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 649 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 650 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 651 start_va = 0x5ab0000 end_va = 0x5baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ab0000" filename = "" Region: id = 652 start_va = 0x5c00000 end_va = 0x5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 653 start_va = 0x5d00000 end_va = 0x5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 654 start_va = 0x5e00000 end_va = 0x5efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 655 start_va = 0x5fa0000 end_va = 0x5fa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fa0000" filename = "" Region: id = 656 start_va = 0x6000000 end_va = 0x60fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006000000" filename = "" Region: id = 657 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 658 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 659 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 660 start_va = 0x6400000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 661 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 662 start_va = 0x6600000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 663 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 664 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 665 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 666 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 667 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 668 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 669 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 670 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 671 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 672 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 673 start_va = 0x7100000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 674 start_va = 0x7200000 end_va = 0x72fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 675 start_va = 0x7300000 end_va = 0x73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 676 start_va = 0x7400000 end_va = 0x74fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007400000" filename = "" Region: id = 677 start_va = 0x7500000 end_va = 0x75fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007500000" filename = "" Region: id = 678 start_va = 0x7600000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007600000" filename = "" Region: id = 679 start_va = 0x7a00000 end_va = 0x7afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a00000" filename = "" Region: id = 680 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 681 start_va = 0x7c00000 end_va = 0x7cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 682 start_va = 0x7d00000 end_va = 0x7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d00000" filename = "" Region: id = 683 start_va = 0x7e00000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 684 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 685 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 686 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 687 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 688 start_va = 0x7ff681250000 end_va = 0x7ff68125cfff monitored = 0 entry_point = 0x7ff681253980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 689 start_va = 0x7ff9fc150000 end_va = 0x7ff9fc3fffff monitored = 0 entry_point = 0x7ff9fc151cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 690 start_va = 0x7ff9fc5d0000 end_va = 0x7ff9fc6a4fff monitored = 0 entry_point = 0x7ff9fc5ecf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 691 start_va = 0x7ff9fc700000 end_va = 0x7ff9fc721fff monitored = 0 entry_point = 0x7ff9fc712540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 692 start_va = 0x7ff9fc730000 end_va = 0x7ff9fc78cfff monitored = 0 entry_point = 0x7ff9fc75e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 693 start_va = 0x7ff9fdf20000 end_va = 0x7ff9fdf9ffff monitored = 0 entry_point = 0x7ff9fdf4d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 694 start_va = 0x7ff9fdfa0000 end_va = 0x7ff9fdfd5fff monitored = 0 entry_point = 0x7ff9fdfa27f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 695 start_va = 0x7ff9fe460000 end_va = 0x7ff9fe49efff monitored = 0 entry_point = 0x7ff9fe4882d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 696 start_va = 0x7ff9fe4f0000 end_va = 0x7ff9fe4f7fff monitored = 0 entry_point = 0x7ff9fe4f13b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 697 start_va = 0x7ff9fe520000 end_va = 0x7ff9fe563fff monitored = 0 entry_point = 0x7ff9fe5483e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 698 start_va = 0x7ff9ff240000 end_va = 0x7ff9ff253fff monitored = 0 entry_point = 0x7ff9ff242a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 699 start_va = 0x7ff9ff2c0000 end_va = 0x7ff9ff326fff monitored = 0 entry_point = 0x7ff9ff2cb160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 700 start_va = 0x7ff9ff3a0000 end_va = 0x7ff9ff3b0fff monitored = 0 entry_point = 0x7ff9ff3a28d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 701 start_va = 0x7ff9ff3c0000 end_va = 0x7ff9ff3f1fff monitored = 0 entry_point = 0x7ff9ff3cb0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 702 start_va = 0x7ff9ffc60000 end_va = 0x7ff9ffc76fff monitored = 0 entry_point = 0x7ff9ffc67520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 703 start_va = 0x7ffa000e0000 end_va = 0x7ffa001eefff monitored = 0 entry_point = 0x7ffa0011c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 704 start_va = 0x7ffa00360000 end_va = 0x7ffa0047cfff monitored = 0 entry_point = 0x7ffa0038fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 705 start_va = 0x7ffa01270000 end_va = 0x7ffa0128cfff monitored = 0 entry_point = 0x7ffa01274f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 706 start_va = 0x7ffa01690000 end_va = 0x7ffa016a3fff monitored = 0 entry_point = 0x7ffa01693710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 707 start_va = 0x7ffa01740000 end_va = 0x7ffa0175dfff monitored = 0 entry_point = 0x7ffa0174ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 708 start_va = 0x7ffa069a0000 end_va = 0x7ffa069b5fff monitored = 0 entry_point = 0x7ffa069a1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 709 start_va = 0x7ffa07a20000 end_va = 0x7ffa07a30fff monitored = 0 entry_point = 0x7ffa07a27480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 710 start_va = 0x7ffa07a40000 end_va = 0x7ffa07ac3fff monitored = 0 entry_point = 0x7ffa07a58d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 711 start_va = 0x7ffa07ad0000 end_va = 0x7ffa07ae5fff monitored = 0 entry_point = 0x7ffa07ad55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 712 start_va = 0x7ffa07af0000 end_va = 0x7ffa07bc5fff monitored = 0 entry_point = 0x7ffa07b1a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 713 start_va = 0x7ffa07c20000 end_va = 0x7ffa07c83fff monitored = 0 entry_point = 0x7ffa07c3bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 714 start_va = 0x7ffa07c90000 end_va = 0x7ffa07cb4fff monitored = 0 entry_point = 0x7ffa07c99900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 715 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 716 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 717 start_va = 0x7ffa07de0000 end_va = 0x7ffa07e53fff monitored = 0 entry_point = 0x7ffa07df5eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 718 start_va = 0x7ffa07e60000 end_va = 0x7ffa07f96fff monitored = 0 entry_point = 0x7ffa07ea0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 719 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 720 start_va = 0x7ffa083b0000 end_va = 0x7ffa083cdfff monitored = 0 entry_point = 0x7ffa083b3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 721 start_va = 0x7ffa083d0000 end_va = 0x7ffa08451fff monitored = 0 entry_point = 0x7ffa083d2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 722 start_va = 0x7ffa08460000 end_va = 0x7ffa08475fff monitored = 0 entry_point = 0x7ffa08461af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 723 start_va = 0x7ffa08480000 end_va = 0x7ffa08499fff monitored = 0 entry_point = 0x7ffa08482330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 724 start_va = 0x7ffa088d0000 end_va = 0x7ffa08915fff monitored = 0 entry_point = 0x7ffa088d79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 725 start_va = 0x7ffa08940000 end_va = 0x7ffa0894efff monitored = 0 entry_point = 0x7ffa08944960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 726 start_va = 0x7ffa08a00000 end_va = 0x7ffa08a0bfff monitored = 0 entry_point = 0x7ffa08a035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 727 start_va = 0x7ffa08a10000 end_va = 0x7ffa08a4ffff monitored = 0 entry_point = 0x7ffa08a1cbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 728 start_va = 0x7ffa08a50000 end_va = 0x7ffa08a96fff monitored = 0 entry_point = 0x7ffa08a51d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 729 start_va = 0x7ffa08ae0000 end_va = 0x7ffa08b21fff monitored = 0 entry_point = 0x7ffa08ae3670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 730 start_va = 0x7ffa08e00000 end_va = 0x7ffa08e1efff monitored = 0 entry_point = 0x7ffa08e037e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 731 start_va = 0x7ffa08e20000 end_va = 0x7ffa08e98fff monitored = 0 entry_point = 0x7ffa08e276a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 732 start_va = 0x7ffa08eb0000 end_va = 0x7ffa08eeffff monitored = 0 entry_point = 0x7ffa08ec6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 733 start_va = 0x7ffa08f10000 end_va = 0x7ffa08f27fff monitored = 0 entry_point = 0x7ffa08f14e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 734 start_va = 0x7ffa08f30000 end_va = 0x7ffa08f54fff monitored = 0 entry_point = 0x7ffa08f35ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 735 start_va = 0x7ffa08f60000 end_va = 0x7ffa090e1fff monitored = 0 entry_point = 0x7ffa08f782a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 736 start_va = 0x7ffa090f0000 end_va = 0x7ffa09192fff monitored = 0 entry_point = 0x7ffa090f2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 737 start_va = 0x7ffa091a0000 end_va = 0x7ffa091f1fff monitored = 0 entry_point = 0x7ffa091a5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 738 start_va = 0x7ffa09200000 end_va = 0x7ffa0922dfff monitored = 1 entry_point = 0x7ffa09202300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 739 start_va = 0x7ffa09230000 end_va = 0x7ffa0928dfff monitored = 0 entry_point = 0x7ffa09235080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 740 start_va = 0x7ffa09290000 end_va = 0x7ffa092affff monitored = 0 entry_point = 0x7ffa09291f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 741 start_va = 0x7ffa092b0000 end_va = 0x7ffa092b8fff monitored = 0 entry_point = 0x7ffa092b18f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 742 start_va = 0x7ffa092c0000 end_va = 0x7ffa092d0fff monitored = 0 entry_point = 0x7ffa092c1d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 743 start_va = 0x7ffa09330000 end_va = 0x7ffa09347fff monitored = 0 entry_point = 0x7ffa09332000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 744 start_va = 0x7ffa09350000 end_va = 0x7ffa09390fff monitored = 0 entry_point = 0x7ffa09353750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 745 start_va = 0x7ffa09430000 end_va = 0x7ffa0947bfff monitored = 0 entry_point = 0x7ffa09445310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 746 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 0 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 747 start_va = 0x7ffa09510000 end_va = 0x7ffa0954bfff monitored = 0 entry_point = 0x7ffa09516aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 748 start_va = 0x7ffa09c80000 end_va = 0x7ffa09c88fff monitored = 0 entry_point = 0x7ffa09c821d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 749 start_va = 0x7ffa09c90000 end_va = 0x7ffa09cc4fff monitored = 0 entry_point = 0x7ffa09c9a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 750 start_va = 0x7ffa0a560000 end_va = 0x7ffa0a652fff monitored = 0 entry_point = 0x7ffa0a585d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 751 start_va = 0x7ffa0ac50000 end_va = 0x7ffa0ac59fff monitored = 0 entry_point = 0x7ffa0ac514c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 752 start_va = 0x7ffa0afc0000 end_va = 0x7ffa0afd1fff monitored = 0 entry_point = 0x7ffa0afc3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 753 start_va = 0x7ffa0b050000 end_va = 0x7ffa0b06afff monitored = 0 entry_point = 0x7ffa0b051040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 754 start_va = 0x7ffa0b300000 end_va = 0x7ffa0b314fff monitored = 0 entry_point = 0x7ffa0b302dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 755 start_va = 0x7ffa0b320000 end_va = 0x7ffa0b32dfff monitored = 0 entry_point = 0x7ffa0b321460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 756 start_va = 0x7ffa0b330000 end_va = 0x7ffa0b33bfff monitored = 0 entry_point = 0x7ffa0b332830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 757 start_va = 0x7ffa0b340000 end_va = 0x7ffa0b34ffff monitored = 0 entry_point = 0x7ffa0b341700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 758 start_va = 0x7ffa0b350000 end_va = 0x7ffa0b358fff monitored = 0 entry_point = 0x7ffa0b351ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 759 start_va = 0x7ffa0b360000 end_va = 0x7ffa0b38cfff monitored = 0 entry_point = 0x7ffa0b362290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 760 start_va = 0x7ffa0b390000 end_va = 0x7ffa0b3e1fff monitored = 0 entry_point = 0x7ffa0b3938e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 761 start_va = 0x7ffa0b4a0000 end_va = 0x7ffa0b4b4fff monitored = 0 entry_point = 0x7ffa0b4a3460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 762 start_va = 0x7ffa0b4c0000 end_va = 0x7ffa0b559fff monitored = 0 entry_point = 0x7ffa0b4dada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 763 start_va = 0x7ffa0b640000 end_va = 0x7ffa0b6a6fff monitored = 0 entry_point = 0x7ffa0b6463e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 764 start_va = 0x7ffa0b7a0000 end_va = 0x7ffa0b7aafff monitored = 0 entry_point = 0x7ffa0b7a1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 765 start_va = 0x7ffa0b800000 end_va = 0x7ffa0b8bffff monitored = 0 entry_point = 0x7ffa0b82fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 766 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 767 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 768 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 769 start_va = 0x7ffa0bbe0000 end_va = 0x7ffa0bc8dfff monitored = 0 entry_point = 0x7ffa0bbf80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 770 start_va = 0x7ffa0bc90000 end_va = 0x7ffa0bca1fff monitored = 0 entry_point = 0x7ffa0bc99260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 771 start_va = 0x7ffa0bcb0000 end_va = 0x7ffa0bd60fff monitored = 0 entry_point = 0x7ffa0bd288b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 772 start_va = 0x7ffa0bd70000 end_va = 0x7ffa0bd83fff monitored = 0 entry_point = 0x7ffa0bd72d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 773 start_va = 0x7ffa0c070000 end_va = 0x7ffa0c102fff monitored = 0 entry_point = 0x7ffa0c079680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 774 start_va = 0x7ffa0c2b0000 end_va = 0x7ffa0c2d4fff monitored = 0 entry_point = 0x7ffa0c2c2f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 775 start_va = 0x7ffa0c2e0000 end_va = 0x7ffa0c2f0fff monitored = 0 entry_point = 0x7ffa0c2e7ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 776 start_va = 0x7ffa0c300000 end_va = 0x7ffa0c318fff monitored = 0 entry_point = 0x7ffa0c304520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 777 start_va = 0x7ffa0ca80000 end_va = 0x7ffa0ca99fff monitored = 0 entry_point = 0x7ffa0ca82cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 778 start_va = 0x7ffa0ce40000 end_va = 0x7ffa0d1c1fff monitored = 0 entry_point = 0x7ffa0ce91220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 779 start_va = 0x7ffa0e2c0000 end_va = 0x7ffa0e3cdfff monitored = 0 entry_point = 0x7ffa0e30eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 780 start_va = 0x7ffa0e440000 end_va = 0x7ffa0e451fff monitored = 0 entry_point = 0x7ffa0e441a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 781 start_va = 0x7ffa0e460000 end_va = 0x7ffa0e477fff monitored = 0 entry_point = 0x7ffa0e46b850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 782 start_va = 0x7ffa0e6d0000 end_va = 0x7ffa0e724fff monitored = 0 entry_point = 0x7ffa0e6d3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 783 start_va = 0x7ffa0e730000 end_va = 0x7ffa0e766fff monitored = 0 entry_point = 0x7ffa0e736020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 784 start_va = 0x7ffa0e770000 end_va = 0x7ffa0e78ffff monitored = 0 entry_point = 0x7ffa0e7739a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 785 start_va = 0x7ffa0e790000 end_va = 0x7ffa0e7a6fff monitored = 0 entry_point = 0x7ffa0e795630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 786 start_va = 0x7ffa0e7b0000 end_va = 0x7ffa0e7c2fff monitored = 0 entry_point = 0x7ffa0e7b57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 787 start_va = 0x7ffa0e7d0000 end_va = 0x7ffa0e849fff monitored = 0 entry_point = 0x7ffa0e7f7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 788 start_va = 0x7ffa0e850000 end_va = 0x7ffa0e87dfff monitored = 0 entry_point = 0x7ffa0e857550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 789 start_va = 0x7ffa0e880000 end_va = 0x7ffa0e895fff monitored = 0 entry_point = 0x7ffa0e881b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 790 start_va = 0x7ffa0e8a0000 end_va = 0x7ffa0e903fff monitored = 0 entry_point = 0x7ffa0e8b5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 791 start_va = 0x7ffa0ead0000 end_va = 0x7ffa0eb10fff monitored = 0 entry_point = 0x7ffa0ead4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 792 start_va = 0x7ffa0eb20000 end_va = 0x7ffa0eb2bfff monitored = 0 entry_point = 0x7ffa0eb214d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 793 start_va = 0x7ffa0eb30000 end_va = 0x7ffa0ec65fff monitored = 0 entry_point = 0x7ffa0eb5f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 794 start_va = 0x7ffa0ec70000 end_va = 0x7ffa0ed55fff monitored = 0 entry_point = 0x7ffa0ec8cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 795 start_va = 0x7ffa0ed60000 end_va = 0x7ffa0ee27fff monitored = 0 entry_point = 0x7ffa0eda13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 796 start_va = 0x7ffa0ee30000 end_va = 0x7ffa0ee90fff monitored = 0 entry_point = 0x7ffa0ee34b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 797 start_va = 0x7ffa0eea0000 end_va = 0x7ffa0f01bfff monitored = 0 entry_point = 0x7ffa0eef1650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 798 start_va = 0x7ffa0f020000 end_va = 0x7ffa0f02afff monitored = 0 entry_point = 0x7ffa0f021770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 799 start_va = 0x7ffa0f030000 end_va = 0x7ffa0f06dfff monitored = 0 entry_point = 0x7ffa0f03a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 800 start_va = 0x7ffa0f070000 end_va = 0x7ffa0f096fff monitored = 0 entry_point = 0x7ffa0f073bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 801 start_va = 0x7ffa0f0f0000 end_va = 0x7ffa0f144fff monitored = 0 entry_point = 0x7ffa0f0ffc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 802 start_va = 0x7ffa0f190000 end_va = 0x7ffa0f221fff monitored = 0 entry_point = 0x7ffa0f1da780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 803 start_va = 0x7ffa0f2b0000 end_va = 0x7ffa0f2bcfff monitored = 0 entry_point = 0x7ffa0f2b1420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 804 start_va = 0x7ffa0f2d0000 end_va = 0x7ffa0f2dffff monitored = 0 entry_point = 0x7ffa0f2d2c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 805 start_va = 0x7ffa0f2e0000 end_va = 0x7ffa0f2ecfff monitored = 0 entry_point = 0x7ffa0f2e2ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 806 start_va = 0x7ffa0f2f0000 end_va = 0x7ffa0f31efff monitored = 0 entry_point = 0x7ffa0f2f8910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 807 start_va = 0x7ffa0f320000 end_va = 0x7ffa0f33efff monitored = 0 entry_point = 0x7ffa0f324960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 808 start_va = 0x7ffa0f370000 end_va = 0x7ffa0f3ddfff monitored = 0 entry_point = 0x7ffa0f377f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 809 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 810 start_va = 0x7ffa0f430000 end_va = 0x7ffa0f465fff monitored = 0 entry_point = 0x7ffa0f440070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 811 start_va = 0x7ffa0fc30000 end_va = 0x7ffa0fc70fff monitored = 0 entry_point = 0x7ffa0fc47eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 812 start_va = 0x7ffa0fc80000 end_va = 0x7ffa0fd7bfff monitored = 0 entry_point = 0x7ffa0fcb6df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 813 start_va = 0x7ffa0fe10000 end_va = 0x7ffa0fecefff monitored = 0 entry_point = 0x7ffa0fe31c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 814 start_va = 0x7ffa0ff20000 end_va = 0x7ffa0ff29fff monitored = 0 entry_point = 0x7ffa0ff21660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 815 start_va = 0x7ffa0ff30000 end_va = 0x7ffa0ff47fff monitored = 0 entry_point = 0x7ffa0ff35910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 816 start_va = 0x7ffa0ff50000 end_va = 0x7ffa1009cfff monitored = 0 entry_point = 0x7ffa0ff93da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 817 start_va = 0x7ffa10cc0000 end_va = 0x7ffa11152fff monitored = 0 entry_point = 0x7ffa10ccf760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 818 start_va = 0x7ffa11160000 end_va = 0x7ffa111c6fff monitored = 0 entry_point = 0x7ffa1117e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 819 start_va = 0x7ffa11220000 end_va = 0x7ffa113a5fff monitored = 0 entry_point = 0x7ffa1126d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 820 start_va = 0x7ffa113b0000 end_va = 0x7ffa113cbfff monitored = 0 entry_point = 0x7ffa113b37a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 821 start_va = 0x7ffa113d0000 end_va = 0x7ffa113dafff monitored = 0 entry_point = 0x7ffa113d1de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 822 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 823 start_va = 0x7ffa114c0000 end_va = 0x7ffa114c9fff monitored = 0 entry_point = 0x7ffa114c1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 824 start_va = 0x7ffa11560000 end_va = 0x7ffa11577fff monitored = 0 entry_point = 0x7ffa11561b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 825 start_va = 0x7ffa11580000 end_va = 0x7ffa115f8fff monitored = 0 entry_point = 0x7ffa1159fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 826 start_va = 0x7ffa11600000 end_va = 0x7ffa11607fff monitored = 0 entry_point = 0x7ffa116013e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 827 start_va = 0x7ffa11640000 end_va = 0x7ffa1167ffff monitored = 0 entry_point = 0x7ffa11651960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 828 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 829 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 830 start_va = 0x7ffa118b0000 end_va = 0x7ffa119affff monitored = 0 entry_point = 0x7ffa118f0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 831 start_va = 0x7ffa11a40000 end_va = 0x7ffa11a4bfff monitored = 0 entry_point = 0x7ffa11a42480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 832 start_va = 0x7ffa11b10000 end_va = 0x7ffa11b41fff monitored = 0 entry_point = 0x7ffa11b22340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 833 start_va = 0x7ffa11d80000 end_va = 0x7ffa11d8bfff monitored = 0 entry_point = 0x7ffa11d82790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 834 start_va = 0x7ffa11d90000 end_va = 0x7ffa11db3fff monitored = 0 entry_point = 0x7ffa11d93260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 835 start_va = 0x7ffa11f30000 end_va = 0x7ffa12023fff monitored = 0 entry_point = 0x7ffa11f3a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 836 start_va = 0x7ffa12080000 end_va = 0x7ffa120c8fff monitored = 0 entry_point = 0x7ffa1208a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 837 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 838 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 839 start_va = 0x7ffa122e0000 end_va = 0x7ffa12359fff monitored = 0 entry_point = 0x7ffa12301a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 840 start_va = 0x7ffa123a0000 end_va = 0x7ffa123d3fff monitored = 0 entry_point = 0x7ffa123bae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 841 start_va = 0x7ffa123e0000 end_va = 0x7ffa123e9fff monitored = 0 entry_point = 0x7ffa123e1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 842 start_va = 0x7ffa124f0000 end_va = 0x7ffa1250efff monitored = 0 entry_point = 0x7ffa124f5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 843 start_va = 0x7ffa12660000 end_va = 0x7ffa126bbfff monitored = 0 entry_point = 0x7ffa12676f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 844 start_va = 0x7ffa12710000 end_va = 0x7ffa12726fff monitored = 0 entry_point = 0x7ffa127179d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 845 start_va = 0x7ffa12830000 end_va = 0x7ffa1283afff monitored = 0 entry_point = 0x7ffa128319a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 846 start_va = 0x7ffa12870000 end_va = 0x7ffa12890fff monitored = 0 entry_point = 0x7ffa12880250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 847 start_va = 0x7ffa128c0000 end_va = 0x7ffa128f9fff monitored = 0 entry_point = 0x7ffa128c8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 848 start_va = 0x7ffa12900000 end_va = 0x7ffa12926fff monitored = 0 entry_point = 0x7ffa12910aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 849 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 850 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 851 start_va = 0x7ffa12c00000 end_va = 0x7ffa12c18fff monitored = 0 entry_point = 0x7ffa12c05e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 852 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 853 start_va = 0x7ffa12c50000 end_va = 0x7ffa12ce8fff monitored = 0 entry_point = 0x7ffa12c7f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 854 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 855 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 856 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 857 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 858 start_va = 0x7ffa12e20000 end_va = 0x7ffa12e74fff monitored = 0 entry_point = 0x7ffa12e37970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 859 start_va = 0x7ffa12e80000 end_va = 0x7ffa12f34fff monitored = 0 entry_point = 0x7ffa12ec22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 860 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 861 start_va = 0x7ffa13110000 end_va = 0x7ffa13126fff monitored = 0 entry_point = 0x7ffa13111390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 862 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 863 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 864 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 865 start_va = 0x7ffa133e0000 end_va = 0x7ffa13465fff monitored = 0 entry_point = 0x7ffa133ed8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 866 start_va = 0x7ffa13520000 end_va = 0x7ffa13b63fff monitored = 0 entry_point = 0x7ffa136e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 867 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 868 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 869 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 870 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 871 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 872 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 873 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 874 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 875 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 876 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 877 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 878 start_va = 0x7ffa14ba0000 end_va = 0x7ffa14bf1fff monitored = 0 entry_point = 0x7ffa14baf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 879 start_va = 0x7ffa14c00000 end_va = 0x7ffa15028fff monitored = 0 entry_point = 0x7ffa14c28740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 880 start_va = 0x7ffa15030000 end_va = 0x7ffa1508bfff monitored = 0 entry_point = 0x7ffa1504b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 881 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 882 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 883 start_va = 0x7ffa15210000 end_va = 0x7ffa1676efff monitored = 0 entry_point = 0x7ffa153711f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 884 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 977 start_va = 0x8100000 end_va = 0x81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Region: id = 978 start_va = 0x8200000 end_va = 0x82fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008200000" filename = "" Region: id = 979 start_va = 0x8300000 end_va = 0x83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 1070 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1103 start_va = 0x5e0000 end_va = 0x5e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1105 start_va = 0x5e0000 end_va = 0x5e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1284 start_va = 0x8400000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008400000" filename = "" Region: id = 1726 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1727 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1731 start_va = 0xd40000 end_va = 0xd52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 1733 start_va = 0x8500000 end_va = 0x85fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008500000" filename = "" Region: id = 1734 start_va = 0x8600000 end_va = 0x86fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008600000" filename = "" Region: id = 1741 start_va = 0xd40000 end_va = 0xd52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 1743 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1744 start_va = 0x5e0000 end_va = 0x5e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1745 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1903 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1911 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1939 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1944 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 2083 start_va = 0x8700000 end_va = 0x87fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008700000" filename = "" Region: id = 2087 start_va = 0x8800000 end_va = 0x88fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008800000" filename = "" Region: id = 2088 start_va = 0xd40000 end_va = 0xd60fff monitored = 0 entry_point = 0xd42300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2089 start_va = 0xd70000 end_va = 0xd82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2090 start_va = 0xd40000 end_va = 0xd60fff monitored = 0 entry_point = 0xd42300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2091 start_va = 0xd70000 end_va = 0xd82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2092 start_va = 0xd40000 end_va = 0xd60fff monitored = 0 entry_point = 0xd42300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2093 start_va = 0xd70000 end_va = 0xd82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2094 start_va = 0x5e0000 end_va = 0x5e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 2096 start_va = 0x5e0000 end_va = 0x5e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Thread: id = 15 os_tid = 0x8d8 Thread: id = 16 os_tid = 0xd04 Thread: id = 17 os_tid = 0x12a0 Thread: id = 18 os_tid = 0x11e4 Thread: id = 19 os_tid = 0x1168 Thread: id = 20 os_tid = 0x1164 Thread: id = 21 os_tid = 0x1154 Thread: id = 22 os_tid = 0x110c Thread: id = 23 os_tid = 0x102c Thread: id = 24 os_tid = 0x610 Thread: id = 25 os_tid = 0x4b8 Thread: id = 26 os_tid = 0x498 Thread: id = 27 os_tid = 0x9dc Thread: id = 28 os_tid = 0x66c Thread: id = 29 os_tid = 0x630 Thread: id = 30 os_tid = 0x644 Thread: id = 31 os_tid = 0x61c Thread: id = 32 os_tid = 0xae8 Thread: id = 33 os_tid = 0x524 Thread: id = 34 os_tid = 0xaa0 Thread: id = 35 os_tid = 0xab8 Thread: id = 36 os_tid = 0x3b4 Thread: id = 37 os_tid = 0x564 Thread: id = 38 os_tid = 0x51c Thread: id = 39 os_tid = 0x14c Thread: id = 40 os_tid = 0x6fc Thread: id = 41 os_tid = 0x63c Thread: id = 42 os_tid = 0x320 Thread: id = 43 os_tid = 0x45c Thread: id = 44 os_tid = 0x18c Thread: id = 45 os_tid = 0x820 Thread: id = 46 os_tid = 0x6e4 Thread: id = 47 os_tid = 0x82c Thread: id = 48 os_tid = 0x824 Thread: id = 49 os_tid = 0x72c Thread: id = 50 os_tid = 0x81c Thread: id = 51 os_tid = 0xa08 Thread: id = 52 os_tid = 0xaa4 Thread: id = 53 os_tid = 0x89c Thread: id = 54 os_tid = 0xbac Thread: id = 55 os_tid = 0x404 Thread: id = 56 os_tid = 0xb88 Thread: id = 57 os_tid = 0x658 Thread: id = 58 os_tid = 0x5ec Thread: id = 59 os_tid = 0x780 Thread: id = 60 os_tid = 0x5ac Thread: id = 61 os_tid = 0x728 Thread: id = 62 os_tid = 0x5e0 Thread: id = 63 os_tid = 0x508 Thread: id = 64 os_tid = 0x428 Thread: id = 65 os_tid = 0x4f8 Thread: id = 66 os_tid = 0x7e4 Thread: id = 67 os_tid = 0x7e0 Thread: id = 68 os_tid = 0x7dc Thread: id = 69 os_tid = 0x7d8 Thread: id = 70 os_tid = 0x7cc Thread: id = 71 os_tid = 0x7c4 Thread: id = 72 os_tid = 0x7b0 Thread: id = 73 os_tid = 0x788 Thread: id = 74 os_tid = 0x744 Thread: id = 75 os_tid = 0x448 Thread: id = 76 os_tid = 0x6f8 Thread: id = 77 os_tid = 0x6d4 Thread: id = 78 os_tid = 0x648 Thread: id = 79 os_tid = 0x640 Thread: id = 80 os_tid = 0x62c Thread: id = 81 os_tid = 0x534 Thread: id = 82 os_tid = 0x530 Thread: id = 83 os_tid = 0x4a8 Thread: id = 84 os_tid = 0x2ac Thread: id = 85 os_tid = 0x270 Thread: id = 86 os_tid = 0x154 Thread: id = 87 os_tid = 0x1b8 Thread: id = 88 os_tid = 0x1bc Thread: id = 89 os_tid = 0x180 Thread: id = 90 os_tid = 0x188 Thread: id = 91 os_tid = 0x148 Thread: id = 92 os_tid = 0x12c Thread: id = 93 os_tid = 0xfc Thread: id = 94 os_tid = 0x60 Thread: id = 95 os_tid = 0x3f0 Thread: id = 96 os_tid = 0x3e8 Thread: id = 97 os_tid = 0x364 Thread: id = 115 os_tid = 0x1128 Thread: id = 116 os_tid = 0x106c Thread: id = 117 os_tid = 0xcf8 Thread: id = 121 os_tid = 0x105c Thread: id = 123 os_tid = 0x1214 Thread: id = 124 os_tid = 0x1208 Thread: id = 158 os_tid = 0x128 Thread: id = 162 os_tid = 0x3a8 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x109fb000" os_pid = "0x114c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004de89" [0xc000000f] Region: id = 980 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 981 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 982 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 983 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 984 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 985 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 986 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 987 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 988 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 989 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 990 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 991 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 992 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 993 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 994 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 995 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 996 start_va = 0x4c0000 end_va = 0x4c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 997 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 998 start_va = 0x5e0000 end_va = 0x767fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 999 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1000 start_va = 0x780000 end_va = 0xab6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1001 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 1002 start_va = 0xc50000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 1003 start_va = 0xd10000 end_va = 0xd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 1004 start_va = 0xd90000 end_va = 0xe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 1005 start_va = 0xe90000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 1006 start_va = 0xf10000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1007 start_va = 0xf90000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1008 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1009 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1010 start_va = 0x1110000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 1011 start_va = 0x1190000 end_va = 0x120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 1012 start_va = 0x1210000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 1013 start_va = 0x1320000 end_va = 0x1322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1014 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1015 start_va = 0x180000000 end_va = 0x180002fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1016 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1017 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1018 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1019 start_va = 0x7ff7aedf0000 end_va = 0x7ff7aee6ffff monitored = 0 entry_point = 0x7ff7aee05f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1020 start_va = 0x7ff9fc400000 end_va = 0x7ff9fc5cefff monitored = 1 entry_point = 0x7ff9fc427df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1021 start_va = 0x7ff9fe4a0000 end_va = 0x7ff9fe4adfff monitored = 0 entry_point = 0x7ff9fe4a1da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1022 start_va = 0x7ff9fe500000 end_va = 0x7ff9fe513fff monitored = 0 entry_point = 0x7ff9fe501310 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1023 start_va = 0x7ff9ff260000 end_va = 0x7ff9ff26afff monitored = 0 entry_point = 0x7ff9ff2612b0 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1024 start_va = 0x7ffa06830000 end_va = 0x7ffa06855fff monitored = 0 entry_point = 0x7ffa06831cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1025 start_va = 0x7ffa07ad0000 end_va = 0x7ffa07ae5fff monitored = 0 entry_point = 0x7ffa07ad55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1026 start_va = 0x7ffa07c90000 end_va = 0x7ffa07cb4fff monitored = 0 entry_point = 0x7ffa07c99900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1027 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1028 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1029 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1030 start_va = 0x7ffa08a00000 end_va = 0x7ffa08a0bfff monitored = 0 entry_point = 0x7ffa08a035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1031 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 1 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1032 start_va = 0x7ffa0afc0000 end_va = 0x7ffa0afd1fff monitored = 0 entry_point = 0x7ffa0afc3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1033 start_va = 0x7ffa0be70000 end_va = 0x7ffa0bebdfff monitored = 0 entry_point = 0x7ffa0be81ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1034 start_va = 0x7ffa0c300000 end_va = 0x7ffa0c318fff monitored = 0 entry_point = 0x7ffa0c304520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1035 start_va = 0x7ffa0e880000 end_va = 0x7ffa0e895fff monitored = 0 entry_point = 0x7ffa0e881b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1036 start_va = 0x7ffa0f030000 end_va = 0x7ffa0f06dfff monitored = 0 entry_point = 0x7ffa0f03a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1037 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1038 start_va = 0x7ffa0ff20000 end_va = 0x7ffa0ff29fff monitored = 0 entry_point = 0x7ffa0ff21660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1039 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1040 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1041 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1042 start_va = 0x7ffa122e0000 end_va = 0x7ffa12359fff monitored = 0 entry_point = 0x7ffa12301a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1043 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1044 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1045 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1046 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1047 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1048 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1049 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1050 start_va = 0x7ffa13110000 end_va = 0x7ffa13126fff monitored = 0 entry_point = 0x7ffa13111390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1051 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1052 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1053 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1054 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1055 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1056 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1057 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1058 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1059 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1060 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1061 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1062 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1063 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1064 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1065 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1071 start_va = 0x400000 end_va = 0x402fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1106 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1107 start_va = 0x1330000 end_va = 0x142ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 1108 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1109 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1110 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1111 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1112 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1113 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1114 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1115 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1116 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1117 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1118 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1119 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1120 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 1121 start_va = 0x1430000 end_va = 0x14ebfff monitored = 0 entry_point = 0x146c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 1122 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 1123 start_va = 0x1430000 end_va = 0x14ebfff monitored = 0 entry_point = 0x146c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 1124 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1125 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1126 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1127 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1128 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1129 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1130 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1131 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1132 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1133 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1134 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1135 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1136 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1137 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1138 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1139 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1140 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1141 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1142 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1143 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1144 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1145 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1146 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1147 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1148 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1149 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1150 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1151 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1152 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1153 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1154 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1155 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1156 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1157 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1158 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1159 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1160 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1161 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1162 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1163 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1164 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1165 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1166 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1167 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1168 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1169 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1170 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1171 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1172 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1173 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1174 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1175 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1176 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1177 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1178 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1179 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1180 start_va = 0x410000 end_va = 0x469fff monitored = 0 entry_point = 0x455b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1181 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1182 start_va = 0x410000 end_va = 0x469fff monitored = 0 entry_point = 0x455b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1183 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1184 start_va = 0x410000 end_va = 0x410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1185 start_va = 0x1430000 end_va = 0x1511fff monitored = 0 entry_point = 0x148d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1186 start_va = 0x410000 end_va = 0x410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1187 start_va = 0x1430000 end_va = 0x1511fff monitored = 0 entry_point = 0x148d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1188 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1189 start_va = 0x1430000 end_va = 0x1513fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1190 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1191 start_va = 0x1430000 end_va = 0x1513fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1192 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1193 start_va = 0x1430000 end_va = 0x14c2fff monitored = 0 entry_point = 0x14a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1194 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1195 start_va = 0x1430000 end_va = 0x14c2fff monitored = 0 entry_point = 0x14a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1196 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1197 start_va = 0x1430000 end_va = 0x14d0fff monitored = 0 entry_point = 0x14c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1198 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1199 start_va = 0x1430000 end_va = 0x14d0fff monitored = 0 entry_point = 0x14c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1200 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1201 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1202 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1203 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1204 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1205 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1206 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1207 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1208 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1209 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1210 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1211 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1212 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1213 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1214 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1215 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1216 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1217 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1218 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1219 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1220 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1221 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1222 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1223 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1224 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1225 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1226 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1227 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1228 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1229 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1230 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1231 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1232 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1233 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1234 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1235 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1236 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1237 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1238 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1239 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1240 start_va = 0x410000 end_va = 0x41efff monitored = 0 entry_point = 0x4136e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1241 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1242 start_va = 0x410000 end_va = 0x41efff monitored = 0 entry_point = 0x4136e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1243 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1244 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1245 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1246 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1247 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1248 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1249 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1250 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1251 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1252 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1253 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1254 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1255 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1256 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1257 start_va = 0x1430000 end_va = 0x153efff monitored = 0 entry_point = 0x146c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1258 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1259 start_va = 0x1430000 end_va = 0x153efff monitored = 0 entry_point = 0x146c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1260 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1261 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1262 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1263 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1264 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1265 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1266 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1267 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1268 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1269 start_va = 0x1430000 end_va = 0x1686fff monitored = 0 entry_point = 0x163ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1270 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1271 start_va = 0x1430000 end_va = 0x1686fff monitored = 0 entry_point = 0x163ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1272 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1273 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1274 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1275 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1276 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1277 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1278 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1279 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1280 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1281 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1282 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1283 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1285 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1286 start_va = 0x420000 end_va = 0x42dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1287 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1288 start_va = 0x420000 end_va = 0x42dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1289 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1290 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1291 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1292 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1293 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1294 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1295 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1296 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1297 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1298 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1299 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1300 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1301 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1302 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1303 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1304 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1305 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1306 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1307 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1308 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1309 start_va = 0x410000 end_va = 0x413fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1310 start_va = 0x1430000 end_va = 0x1504fff monitored = 0 entry_point = 0x145e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1311 start_va = 0x410000 end_va = 0x413fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1312 start_va = 0x1430000 end_va = 0x1504fff monitored = 0 entry_point = 0x145e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1313 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1314 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1315 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1316 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1317 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1318 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1319 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1320 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1321 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1322 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1323 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1324 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1325 start_va = 0x410000 end_va = 0x457fff monitored = 0 entry_point = 0x44acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1326 start_va = 0x460000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1327 start_va = 0x410000 end_va = 0x457fff monitored = 0 entry_point = 0x44acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1328 start_va = 0x460000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1329 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1330 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1331 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1332 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1333 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1334 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1335 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1336 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1337 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1338 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1339 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1340 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1341 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1342 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1343 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1344 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1345 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1346 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1347 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1348 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1349 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1350 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1351 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1352 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1353 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1354 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1355 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1356 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1357 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1358 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1359 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1360 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1361 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1362 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1363 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1364 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1365 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1366 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1367 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1368 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1369 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1370 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1371 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1372 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1373 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1374 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1375 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1376 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1377 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1378 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1379 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1380 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1381 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1382 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1383 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1384 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1385 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1386 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1387 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1388 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1389 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1390 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1391 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1392 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1393 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1394 start_va = 0x1430000 end_va = 0x14a1fff monitored = 0 entry_point = 0x1487000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1395 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1396 start_va = 0x1430000 end_va = 0x14a1fff monitored = 0 entry_point = 0x1487000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1397 start_va = 0x410000 end_va = 0x428fff monitored = 0 entry_point = 0x41b610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 1398 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 1399 start_va = 0x410000 end_va = 0x428fff monitored = 0 entry_point = 0x41b610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 1400 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 1401 start_va = 0x410000 end_va = 0x417fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1402 start_va = 0x1430000 end_va = 0x1618fff monitored = 0 entry_point = 0x14315f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1403 start_va = 0x410000 end_va = 0x417fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1404 start_va = 0x1430000 end_va = 0x1618fff monitored = 0 entry_point = 0x14315f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1405 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1406 start_va = 0x1430000 end_va = 0x1489fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1407 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1408 start_va = 0x1430000 end_va = 0x1489fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1409 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 1410 start_va = 0x1430000 end_va = 0x150ffff monitored = 0 entry_point = 0x14c2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 1411 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 1412 start_va = 0x1430000 end_va = 0x150ffff monitored = 0 entry_point = 0x14c2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 1413 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1414 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1415 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1416 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1417 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1418 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1419 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1420 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1421 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1422 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1423 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1424 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1425 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 1426 start_va = 0x1430000 end_va = 0x14ebfff monitored = 0 entry_point = 0x146c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 1427 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 1428 start_va = 0x1430000 end_va = 0x14ebfff monitored = 0 entry_point = 0x146c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 1429 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1430 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1431 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1432 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1433 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1434 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1435 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1436 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1437 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1438 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1439 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1440 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1441 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1442 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1443 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1444 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1445 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1446 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1447 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1448 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1449 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1450 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1451 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1452 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1453 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1454 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1455 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1456 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1457 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1458 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1459 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1460 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1461 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1462 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1463 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1464 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1465 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1466 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1467 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1468 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1469 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1470 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1471 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1472 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1473 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1474 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1475 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1476 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1477 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1478 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1479 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1480 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1481 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1482 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1483 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1484 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1485 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1486 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1487 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1488 start_va = 0x1430000 end_va = 0x144cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 1489 start_va = 0x410000 end_va = 0x469fff monitored = 0 entry_point = 0x455b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1490 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1491 start_va = 0x410000 end_va = 0x469fff monitored = 0 entry_point = 0x455b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 1492 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 1493 start_va = 0x410000 end_va = 0x410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1494 start_va = 0x1430000 end_va = 0x1511fff monitored = 0 entry_point = 0x148d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1495 start_va = 0x410000 end_va = 0x410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 1496 start_va = 0x1430000 end_va = 0x1511fff monitored = 0 entry_point = 0x148d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 1497 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1498 start_va = 0x1430000 end_va = 0x1513fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1499 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1500 start_va = 0x1430000 end_va = 0x1513fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1501 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1502 start_va = 0x1430000 end_va = 0x14c2fff monitored = 0 entry_point = 0x14a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1503 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 1504 start_va = 0x1430000 end_va = 0x14c2fff monitored = 0 entry_point = 0x14a9000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 1505 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1506 start_va = 0x1430000 end_va = 0x14d0fff monitored = 0 entry_point = 0x14c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1507 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 1508 start_va = 0x1430000 end_va = 0x14d0fff monitored = 0 entry_point = 0x14c3000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 1509 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1510 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1511 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1512 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1513 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1514 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1515 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 1516 start_va = 0x1430000 end_va = 0x14b5fff monitored = 0 entry_point = 0x14a1000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 1517 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1518 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1519 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1520 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1521 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1522 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1523 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 1524 start_va = 0x1430000 end_va = 0x14e7fff monitored = 0 entry_point = 0x1431d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 1525 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1526 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1527 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1528 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1529 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1530 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1531 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1532 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1533 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1534 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1535 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1536 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1537 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1538 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1539 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1540 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1541 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1542 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1543 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1544 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1545 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1546 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1547 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1548 start_va = 0x1430000 end_va = 0x1522fff monitored = 0 entry_point = 0x1455d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1549 start_va = 0x410000 end_va = 0x41efff monitored = 0 entry_point = 0x4136e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 1550 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 1551 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1552 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1553 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1554 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1555 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1556 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1557 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1558 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1559 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1560 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1561 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1562 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1563 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 1564 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 1565 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1566 start_va = 0x1430000 end_va = 0x153efff monitored = 0 entry_point = 0x146c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1567 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1568 start_va = 0x1430000 end_va = 0x153efff monitored = 0 entry_point = 0x146c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1569 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1570 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1571 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1572 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1573 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1574 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1575 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 1576 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 1577 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1578 start_va = 0x1430000 end_va = 0x1686fff monitored = 0 entry_point = 0x163ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1579 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 1580 start_va = 0x1430000 end_va = 0x1686fff monitored = 0 entry_point = 0x163ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 1581 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1582 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1583 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1584 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1585 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1586 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1587 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1588 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1589 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1590 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1591 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 1592 start_va = 0x1430000 end_va = 0x1540fff monitored = 0 entry_point = 0x1521bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 1593 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1594 start_va = 0x420000 end_va = 0x42dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1595 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1596 start_va = 0x420000 end_va = 0x42dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1597 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 1598 start_va = 0x420000 end_va = 0x42dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 1599 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1600 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1601 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1602 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1603 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1604 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1605 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 1606 start_va = 0x1430000 end_va = 0x1837fff monitored = 0 entry_point = 0x14fe3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 1607 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1608 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1609 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1610 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1611 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1612 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1613 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1614 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1615 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1616 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1617 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 1618 start_va = 0x1430000 end_va = 0x14defff monitored = 0 entry_point = 0x14a7000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 1619 start_va = 0x410000 end_va = 0x413fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1620 start_va = 0x1430000 end_va = 0x1504fff monitored = 0 entry_point = 0x145e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1621 start_va = 0x410000 end_va = 0x413fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 1622 start_va = 0x1430000 end_va = 0x1504fff monitored = 0 entry_point = 0x145e0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 1623 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1624 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1625 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1626 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1627 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1628 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1629 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1630 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1631 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1632 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1633 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 1634 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 1635 start_va = 0x410000 end_va = 0x457fff monitored = 0 entry_point = 0x44acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1636 start_va = 0x460000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1637 start_va = 0x410000 end_va = 0x457fff monitored = 0 entry_point = 0x44acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 1638 start_va = 0x460000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 1639 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1640 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1641 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1642 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1643 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1644 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1645 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1646 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1647 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1648 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1649 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1650 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1651 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1652 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1653 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1654 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1655 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1656 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1657 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1658 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1659 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1660 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1661 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1662 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1663 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1664 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1665 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1666 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1667 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1668 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1669 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1670 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1671 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1672 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1673 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 1674 start_va = 0x1430000 end_va = 0x154ffff monitored = 0 entry_point = 0x152c040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 1675 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1676 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1677 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1678 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1679 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1680 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1681 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1682 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1683 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1684 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1685 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1686 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1687 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1688 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1689 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1690 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1691 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1692 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1693 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1694 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1695 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1696 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1697 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1698 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1699 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1700 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1701 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1702 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1703 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 1704 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 1705 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1706 start_va = 0x1430000 end_va = 0x14a1fff monitored = 0 entry_point = 0x1487000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1707 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 1708 start_va = 0x1430000 end_va = 0x14a1fff monitored = 0 entry_point = 0x1487000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 1709 start_va = 0x410000 end_va = 0x428fff monitored = 0 entry_point = 0x41b610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 1710 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 1711 start_va = 0x410000 end_va = 0x428fff monitored = 0 entry_point = 0x41b610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 1712 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 1713 start_va = 0x410000 end_va = 0x417fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1714 start_va = 0x1430000 end_va = 0x1618fff monitored = 0 entry_point = 0x14315f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1715 start_va = 0x410000 end_va = 0x417fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 1716 start_va = 0x1430000 end_va = 0x1618fff monitored = 0 entry_point = 0x14315f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 1717 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1718 start_va = 0x1430000 end_va = 0x1489fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1719 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 1720 start_va = 0x1430000 end_va = 0x1489fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 1721 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 1722 start_va = 0x1430000 end_va = 0x150ffff monitored = 0 entry_point = 0x14c2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 1723 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 1724 start_va = 0x1430000 end_va = 0x150ffff monitored = 0 entry_point = 0x14c2eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 1725 start_va = 0x7ffa0b9e0000 end_va = 0x7ffa0b9edfff monitored = 0 entry_point = 0x7ffa0b9e2b10 region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 1735 start_va = 0x410000 end_va = 0x412fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1736 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1737 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1738 start_va = 0x1430000 end_va = 0x14affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 1739 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1740 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1742 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1909 start_va = 0x420000 end_va = 0x423fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1910 start_va = 0x14b0000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Thread: id = 98 os_tid = 0x1198 Thread: id = 99 os_tid = 0x1194 [0147.438] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0147.578] RtlRestoreLastWin32Error () returned 0x385000 [0147.578] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010) returned 1 [0147.579] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x508880 [0147.579] RtlRestoreLastWin32Error () returned 0x385000 [0147.579] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x508880, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x508880, pcchLanguagesBuffer=0x118e010) returned 1 [0147.579] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x5088b0 [0147.579] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x508880) returned 1 [0147.579] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x14) returned 0x527560 [0147.579] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x527560, pulNumLanguages=0x118e118 | out: pulNumLanguages=0x118e118) returned 1 [0147.579] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x527560) returned 1 [0147.736] LoadStringW (in: hInstance=0x7ff9fc400000, uID=0x3e, lpBuffer=0x118d6c0, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa [0147.738] lstrlenW (lpString="Dell Inc.") returned 9 [0147.739] lstrlenW (lpString="0G3HR7") returned 6 [0147.739] lstrlenW (lpString="A00") returned 3 [0147.740] lstrlenW (lpString="..XXXXXXXXXXXXX.") returned 16 [0147.790] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x4) returned 0x508880 [0147.790] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x508880, pulNumLanguages=0x118e1c0 | out: pulNumLanguages=0x118e1c0) returned 1 [0147.790] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x508880) returned 1 [0147.790] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5088b0) returned 1 [0150.195] RtlRestoreLastWin32Error () returned 0x385000 [0150.195] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010) returned 1 [0150.195] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x508880 [0150.196] RtlRestoreLastWin32Error () returned 0x385000 [0150.196] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x508880, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x508880, pcchLanguagesBuffer=0x118e010) returned 1 [0150.196] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x5088b0 [0150.196] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x508880) returned 1 [0150.196] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x14) returned 0x527560 [0150.196] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x527560, pulNumLanguages=0x118e118 | out: pulNumLanguages=0x118e118) returned 1 [0150.196] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x527560) returned 1 [0150.199] malloc (_Size=0x600) returned 0xdb89c0 [0150.199] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x118d7f8 | out: Buffer=0x0, ReturnedLength=0x118d7f8) returned 0 [0150.199] GetLastError () returned 0x7a [0150.199] malloc (_Size=0x250) returned 0xdb5c50 [0150.199] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xdb5c50, ReturnedLength=0x118d7f8 | out: Buffer=0xdb5c50, ReturnedLength=0x118d7f8) returned 1 [0150.199] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0150.200] GetMaximumProcessorGroupCount () returned 0x1 [0150.200] malloc (_Size=0x40) returned 0xdb1b00 [0150.200] malloc (_Size=0x40) returned 0xdb1bf0 [0150.200] malloc (_Size=0x8) returned 0xdb5b20 [0150.200] memcpy (in: _Dst=0xdb1b00, _Src=0xdb5c70, _Size=0x10 | out: _Dst=0xdb1b00) returned 0xdb1b00 [0150.210] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0150.210] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x118d7f0, InputBufferLength=0x2, OutputBuffer=0xdb89c0, OutputBufferLength=0x60 | out: OutputBuffer=0xdb89c0) returned 0x0 [0150.210] _vsnwprintf (in: _Buffer=0x118d690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x118cf88 | out: _Buffer="CPU0") returned 4 [0150.211] GetCurrentThread () returned 0xfffffffffffffffe [0150.211] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x118cee0, PreviousGroupAffinity=0x118cef0 | out: PreviousGroupAffinity=0x118cef0) returned 1 [0150.211] GetSystemInfo (in: lpSystemInfo=0x118d020 | out: lpSystemInfo=0x118d020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0150.211] mbstowcs (in: _Dest=0x118d2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0150.211] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0150.213] mbstowcs (in: _Dest=0x118d118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0150.213] GetCurrentThread () returned 0xfffffffffffffffe [0150.213] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x118cef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0150.219] LoadStringW (in: hInstance=0x7ff9fc400000, uID=0x2c, lpBuffer=0x118ccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0165.734] malloc (_Size=0x35140) returned 0xdb98f0 [0165.745] _wtoi (_String="238") returned 238 [0165.745] _wtoi (_String="6") returned 6 [0165.745] _itow (in: _Dest=0x0, _Radix=18404800 | out: _Dest=0x0) returned="0" [0165.745] _itow (in: _Dest=0xee, _Radix=18403088 | out: _Dest=0xee) returned="238" [0165.745] malloc (_Size=0x4000) returned 0xdeea40 [0165.745] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdeea40, lpcbData=0x118cee4*=0x4000 | out: lpType=0x0, lpData=0xdeea40*=0x50, lpcbData=0x118cee4*=0x600) returned 0x0 [0165.881] free (_Block=0xdeea40) [0165.881] Sleep (dwMilliseconds=0x3e8) [0166.896] _itow (in: _Dest=0xee, _Radix=18403088 | out: _Dest=0xee) returned="238" [0166.896] malloc (_Size=0x4000) returned 0xdeea40 [0166.896] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdeea40, lpcbData=0x118cee4*=0x4000 | out: lpType=0x0, lpData=0xdeea40*=0x50, lpcbData=0x118cee4*=0x600) returned 0x0 [0166.961] free (_Block=0xdeea40) [0166.964] free (_Block=0xdb98f0) [0166.973] _vsnwprintf (in: _Buffer=0x118d5c0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x118cf88 | out: _Buffer="0F8BFBFF00050654") returned 16 [0166.976] lstrlenW (lpString=" 0") returned 2 [0166.977] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0166.978] lstrlenW (lpString="") returned 0 [0166.978] lstrlenW (lpString="") returned 0 [0166.979] lstrlenW (lpString="") returned 0 [0166.982] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1 [0166.983] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1 [0166.985] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0166.985] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0166.985] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0166.985] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0166.986] _vsnwprintf (in: _Buffer=0x118d880, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x118d7c8 | out: _Buffer="CPU0") returned 4 [0166.988] free (_Block=0xdb5b20) [0166.988] free (_Block=0xdb1bf0) [0166.989] free (_Block=0xdb1b00) [0166.989] free (_Block=0xdb5c50) [0167.003] free (_Block=0xdb89c0) [0167.018] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x4) returned 0x12810a0 [0167.018] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x12810a0, pulNumLanguages=0x118e1c0 | out: pulNumLanguages=0x118e1c0) returned 1 [0167.018] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x12810a0) returned 1 [0167.018] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5088b0) returned 1 [0167.305] RtlRestoreLastWin32Error () returned 0x385000 [0167.305] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010) returned 1 [0167.305] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x1281260 [0167.305] RtlRestoreLastWin32Error () returned 0x385000 [0167.305] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x1281260, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x1281260, pcchLanguagesBuffer=0x118e010) returned 1 [0167.305] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x1281080 [0167.305] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1281260) returned 1 [0167.305] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x14) returned 0x555cf0 [0167.305] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x555cf0, pulNumLanguages=0x118e118 | out: pulNumLanguages=0x118e118) returned 1 [0167.305] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x555cf0) returned 1 [0167.312] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.312] LoadLibraryExA (lpLibFileName="IPHLPAPI.DLL", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0167.316] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdaptersAddresses") returned 0x7ffa0baf2a20 [0167.316] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d8e0 | out: lpflOldProtect=0x118d8e0*=0x4) returned 1 [0167.316] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x118d9b8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x118d9b8*=0x1128) returned 0x6f [0167.344] malloc (_Size=0x1128) returned 0xdb89c0 [0167.344] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0xdb89c0, SizePointer=0x118d9b8*=0x1128 | out: AdapterAddresses=0xdb89c0*(Alignment=0x6000001c0, Length=0x1c0, IfIndex=0x6, Next=0xdb8f80, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0xdb8c30, FirstAnycastAddress=0x0, FirstMulticastAddress=0xdb8ce0, FirstDnsServerAddress=0xdb8f50, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x9, [2]=0x6f, [3]=0x78, [4]=0xf0, [5]=0xa, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0xdb8b80*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x118d9b8*=0x1128) returned 0x0 [0167.354] malloc (_Size=0x68) returned 0xdb04d0 [0167.354] memcpy (in: _Dst=0xdb051c, _Src=0xdb8a10, _Size=0x6 | out: _Dst=0xdb051c) returned 0xdb051c [0167.354] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.355] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetIpForwardTable2") returned 0x7ffa0bafa540 [0167.355] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d850 | out: lpflOldProtect=0x118d850*=0x4) returned 1 [0167.355] GetIpForwardTable2 () returned 0x0 [0167.357] malloc (_Size=0x20) returned 0xdb6980 [0167.357] RtlIpv6AddressToStringW () returned 0x118d812 [0167.358] malloc (_Size=0x20) returned 0xdb69b0 [0167.358] RtlIpv4AddressToStringW () returned 0x118d7fa [0167.358] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.358] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="ConvertLengthToIpv4Mask") returned 0x7ffa0baf1c40 [0167.358] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d740 | out: lpflOldProtect=0x118d740*=0x4) returned 1 [0167.358] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0x118d7c8 | out: Mask=0x118d7c8) returned 0x0 [0167.358] RtlIpv4AddressToStringW () returned 0x118d7fa [0167.358] malloc (_Size=0x20) returned 0xdb6a10 [0167.359] RtlIpv4AddressToStringW () returned 0x118d7f6 [0167.359] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.359] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="FreeMibTable") returned 0x7ffa0baf2840 [0167.359] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d850 | out: lpflOldProtect=0x118d850*=0x4) returned 1 [0167.359] FreeMibTable () returned 0x1 [0167.359] malloc (_Size=0x68) returned 0xdb0690 [0167.360] GetIpForwardTable2 () returned 0x0 [0167.360] malloc (_Size=0x20) returned 0xdb6b30 [0167.360] RtlIpv6AddressToStringW () returned 0x118d7e6 [0167.360] malloc (_Size=0x20) returned 0xdb6da0 [0167.360] RtlIpv4AddressToStringW () returned 0x118d7f2 [0167.360] ConvertLengthToIpv4Mask (in: MaskLength=0x8, Mask=0x118d7c8 | out: Mask=0x118d7c8) returned 0x0 [0167.360] RtlIpv4AddressToStringW () returned 0x118d7f2 [0167.361] FreeMibTable () returned 0x1 [0167.361] malloc (_Size=0x68) returned 0xdb0850 [0167.361] malloc (_Size=0x68) returned 0xdb75e0 [0167.361] memcpy (in: _Dst=0xdb762c, _Src=0xdb9758, _Size=0x8 | out: _Dst=0xdb762c) returned 0xdb762c [0167.361] GetIpForwardTable2 () returned 0x0 [0167.362] malloc (_Size=0x20) returned 0xdb6b90 [0167.362] RtlIpv6AddressToStringW () returned 0x118d828 [0167.362] malloc (_Size=0x20) returned 0xdb6b60 [0167.362] RtlIpv6AddressToStringW () returned 0x118d812 [0167.362] malloc (_Size=0x20) returned 0xdb6ad0 [0167.362] RtlIpv6AddressToStringW () returned 0x118d7e4 [0167.362] FreeMibTable () returned 0x1 [0167.363] free (_Block=0xdb89c0) [0167.364] _vsnwprintf (in: _Buffer=0x118d6f0, _BufferCount=0x105, _Format="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}", _ArgList=0x118c708 | out: _Buffer="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}") returned 77 [0167.366] _wtol (_String="0000") returned 0 [0167.369] malloc (_Size=0x48) returned 0xdb20a0 [0167.370] _wtol (_String="0001") returned 1 [0167.372] malloc (_Size=0x48) returned 0xdb1ce0 [0167.373] _wtol (_String="0002") returned 2 [0167.374] malloc (_Size=0x48) returned 0xdb1c40 [0167.375] _wtol (_String="0003") returned 3 [0167.376] malloc (_Size=0x48) returned 0xdb1d30 [0167.377] _wtol (_String="0004") returned 4 [0167.379] malloc (_Size=0x48) returned 0xdb1bf0 [0167.381] _wtol (_String="Configuration") returned 0 [0167.382] _wtol (_String="Properties") returned 0 [0167.396] QueryDosDeviceW (in: lpDeviceName="{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", lpTargetPath=0x118c410, ucchMax=0x200 | out: lpTargetPath="\x01") returned 0x0 [0167.396] GetLastError () returned 0x2 [0167.397] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", lpTargetPath="\\Device\\{017EF944-8C88-42C3-8F92-C8F7B6022F8D}") returned 1 [0167.402] CreateFileW (lpFileName="\\\\.\\{017EF944-8C88-42C3-8F92-C8F7B6022F8D}" (normalized: "{017ef944-8c88-42c3-8f92-c8f7b6022f8d}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0167.403] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", lpTargetPath="\\Device\\{017EF944-8C88-42C3-8F92-C8F7B6022F8D}") returned 1 [0167.410] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0167.410] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0167.410] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", IfIndex=0x118d980 | out: IfIndex=0x118d980) returned 0x0 [0167.411] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0167.413] QueryDosDeviceW (in: lpDeviceName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", lpTargetPath=0x118c410, ucchMax=0x200 | out: lpTargetPath="") returned 0x0 [0167.413] GetLastError () returned 0x2 [0167.414] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", lpTargetPath="\\Device\\{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}") returned 1 [0167.419] CreateFileW (lpFileName="\\\\.\\{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}" (normalized: "{e25a642b-6ceb-4194-8f83-8bc82af94f5a}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0167.419] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", lpTargetPath="\\Device\\{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}") returned 1 [0167.424] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0167.425] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0167.425] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", IfIndex=0x118d980 | out: IfIndex=0x118d980) returned 0x0 [0167.425] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0167.427] QueryDosDeviceW (in: lpDeviceName="{9E8A7ED5-49C8-421B-A782-D46C28931105}", lpTargetPath=0x118c410, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP6") returned 0xf [0167.427] CreateFileW (lpFileName="\\\\.\\{9E8A7ED5-49C8-421B-A782-D46C28931105}" (normalized: "\\device\\ndmp6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x46c [0167.428] DeviceIoControl (in: hDevice=0x46c, dwIoControlCode=0x170002, lpInBuffer=0x118c870*, nInBufferSize=0x4, lpOutBuffer=0x118c8b0, nOutBufferSize=0x1000, lpBytesReturned=0x118c874, lpOverlapped=0x0 | out: lpInBuffer=0x118c870*, lpOutBuffer=0x118c8b0*, lpBytesReturned=0x118c874*=0x4, lpOverlapped=0x0) returned 1 [0167.428] DeviceIoControl (in: hDevice=0x46c, dwIoControlCode=0x170002, lpInBuffer=0x118c870*, nInBufferSize=0x4, lpOutBuffer=0x118c8b0, nOutBufferSize=0x1000, lpBytesReturned=0x118c874, lpOverlapped=0x0 | out: lpInBuffer=0x118c870*, lpOutBuffer=0x118c8b0*, lpBytesReturned=0x118c874*=0xc, lpOverlapped=0x0) returned 1 [0167.428] CloseHandle (hObject=0x46c) returned 1 [0167.431] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0167.432] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0167.432] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{9E8A7ED5-49C8-421B-A782-D46C28931105}", IfIndex=0x118d980 | out: IfIndex=0x118d980) returned 0x0 [0167.433] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0167.434] QueryDosDeviceW (in: lpDeviceName="{C2998852-8A8B-426B-AAB1-8880E47F8B1A}", lpTargetPath=0x118c410, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP7") returned 0xf [0167.435] CreateFileW (lpFileName="\\\\.\\{C2998852-8A8B-426B-AAB1-8880E47F8B1A}" (normalized: "\\device\\ndmp7"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x46c [0167.435] DeviceIoControl (in: hDevice=0x46c, dwIoControlCode=0x170002, lpInBuffer=0x118c870*, nInBufferSize=0x4, lpOutBuffer=0x118c8b0, nOutBufferSize=0x1000, lpBytesReturned=0x118c874, lpOverlapped=0x0 | out: lpInBuffer=0x118c870*, lpOutBuffer=0x118c8b0*, lpBytesReturned=0x118c874*=0x4, lpOverlapped=0x0) returned 1 [0167.435] DeviceIoControl (in: hDevice=0x46c, dwIoControlCode=0x170002, lpInBuffer=0x118c870*, nInBufferSize=0x4, lpOutBuffer=0x118c8b0, nOutBufferSize=0x1000, lpBytesReturned=0x118c874, lpOverlapped=0x0 | out: lpInBuffer=0x118c870*, lpOutBuffer=0x118c8b0*, lpBytesReturned=0x118c874*=0x20, lpOverlapped=0x0) returned 1 [0167.435] CloseHandle (hObject=0x46c) returned 1 [0167.438] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0167.439] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0167.439] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{C2998852-8A8B-426B-AAB1-8880E47F8B1A}", IfIndex=0x118d980 | out: IfIndex=0x118d980) returned 0x0 [0167.439] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0167.441] QueryDosDeviceW (in: lpDeviceName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", lpTargetPath=0x118c410, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP5") returned 0xf [0167.441] CreateFileW (lpFileName="\\\\.\\{E96D977E-F067-4CE9-924D-F6E0A04729E4}" (normalized: "\\device\\ndmp5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x46c [0167.441] DeviceIoControl (in: hDevice=0x46c, dwIoControlCode=0x170002, lpInBuffer=0x118c870*, nInBufferSize=0x4, lpOutBuffer=0x118c8b0, nOutBufferSize=0x1000, lpBytesReturned=0x118c874, lpOverlapped=0x0 | out: lpInBuffer=0x118c870*, lpOutBuffer=0x118c8b0*, lpBytesReturned=0x118c874*=0x4, lpOverlapped=0x0) returned 1 [0167.441] DeviceIoControl (in: hDevice=0x46c, dwIoControlCode=0x170002, lpInBuffer=0x118c870*, nInBufferSize=0x4, lpOutBuffer=0x118c8b0, nOutBufferSize=0x1000, lpBytesReturned=0x118c874, lpOverlapped=0x0 | out: lpInBuffer=0x118c870*, lpOutBuffer=0x118c8b0*, lpBytesReturned=0x118c874*=0x6, lpOverlapped=0x0) returned 1 [0167.442] CloseHandle (hObject=0x46c) returned 1 [0167.446] malloc (_Size=0x18) returned 0xdb64b0 [0167.446] malloc (_Size=0x18) returned 0xdb66f0 [0167.446] SafeArrayPutElement (psa=0x12526f0, rgIndices=0x118d570, pv=0x524538) returned 0x0 [0167.446] malloc (_Size=0x18) returned 0xdb6630 [0167.447] SafeArrayPutElement (psa=0x1252ef0, rgIndices=0x118d570, pv=0x12529e8) returned 0x0 [0167.447] free (_Block=0xdb6630) [0167.447] free (_Block=0xdb66f0) [0167.447] malloc (_Size=0x18) returned 0xdb62d0 [0167.447] SafeArrayPutElement (psa=0x12526f0, rgIndices=0x118d570, pv=0x524538) returned 0x0 [0167.447] malloc (_Size=0x18) returned 0xdb6170 [0167.447] SafeArrayPutElement (psa=0x1252ef0, rgIndices=0x118d570, pv=0x4f8b78) returned 0x0 [0167.447] free (_Block=0xdb6170) [0167.447] free (_Block=0xdb62d0) [0167.447] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dde50 [0167.447] SafeArrayGetDim (psa=0x12526f0) returned 0x1 [0167.447] SafeArrayGetLBound (in: psa=0x12526f0, nDim=0x1, plLbound=0x118d260 | out: plLbound=0x118d260) returned 0x0 [0167.447] SafeArrayGetUBound (in: psa=0x12526f0, nDim=0x1, plUbound=0x118d280 | out: plUbound=0x118d280) returned 0x0 [0167.447] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x28) returned 0x1260c80 [0167.447] SafeArrayGetDim (psa=0x12526f0) returned 0x1 [0167.447] SafeArrayGetUBound (in: psa=0x12526f0, nDim=0x1, plUbound=0x118d228 | out: plUbound=0x118d228) returned 0x0 [0167.447] SafeArrayGetElemsize (psa=0x12526f0) returned 0x8 [0167.447] SafeArrayGetElement (in: psa=0x12526f0, rgIndices=0x118d118, pv=0x118d120 | out: pv=0x118d120) returned 0x0 [0167.448] memcpy (in: _Dst=0x118d128, _Src=0x555e10, _Size=0x8 | out: _Dst=0x118d128) returned 0x118d128 [0167.448] memcpy (in: _Dst=0x118d128, _Src=0x555e18, _Size=0x8 | out: _Dst=0x118d128) returned 0x118d128 [0167.449] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1260c80) returned 1 [0167.449] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dde50) returned 1 [0167.449] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dddd0 [0167.449] SafeArrayGetDim (psa=0x1252ef0) returned 0x1 [0167.449] SafeArrayGetLBound (in: psa=0x1252ef0, nDim=0x1, plLbound=0x118d260 | out: plLbound=0x118d260) returned 0x0 [0167.449] SafeArrayGetUBound (in: psa=0x1252ef0, nDim=0x1, plUbound=0x118d280 | out: plUbound=0x118d280) returned 0x0 [0167.449] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x28) returned 0x1261070 [0167.449] SafeArrayGetDim (psa=0x1252ef0) returned 0x1 [0167.449] SafeArrayGetUBound (in: psa=0x1252ef0, nDim=0x1, plUbound=0x118d228 | out: plUbound=0x118d228) returned 0x0 [0167.449] SafeArrayGetElemsize (psa=0x1252ef0) returned 0x8 [0167.449] SafeArrayGetElement (in: psa=0x1252ef0, rgIndices=0x118d118, pv=0x118d120 | out: pv=0x118d120) returned 0x0 [0167.450] memcpy (in: _Dst=0x118d128, _Src=0x555c10, _Size=0x8 | out: _Dst=0x118d128) returned 0x118d128 [0167.450] memcpy (in: _Dst=0x118d128, _Src=0x555c18, _Size=0x8 | out: _Dst=0x118d128) returned 0x118d128 [0167.451] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1261070) returned 1 [0167.451] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dddd0) returned 1 [0167.451] free (_Block=0xdb64b0) [0167.455] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.455] GetProcAddress (hModule=0x7ffa147c0000, lpProcName=0x10) returned 0x7ffa147d0e10 [0167.456] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d420 | out: lpflOldProtect=0x118d420*=0x4) returned 1 [0167.456] malloc (_Size=0x18) returned 0xdb63d0 [0167.456] SafeArrayPutElement (psa=0x12523f0, rgIndices=0x118d570, pv=0x4f8b78) returned 0x0 [0167.456] SafeArrayPutElement (psa=0x1252af0, rgIndices=0x118d570, pv=0xdb6a2c) returned 0x0 [0167.456] free (_Block=0xdb63d0) [0167.456] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dddd0 [0167.456] SafeArrayGetDim (psa=0x12523f0) returned 0x1 [0167.456] SafeArrayGetLBound (in: psa=0x12523f0, nDim=0x1, plLbound=0x118d260 | out: plLbound=0x118d260) returned 0x0 [0167.456] SafeArrayGetUBound (in: psa=0x12523f0, nDim=0x1, plUbound=0x118d280 | out: plUbound=0x118d280) returned 0x0 [0167.456] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x28) returned 0x1260c20 [0167.456] SafeArrayGetDim (psa=0x12523f0) returned 0x1 [0167.456] SafeArrayGetUBound (in: psa=0x12523f0, nDim=0x1, plUbound=0x118d228 | out: plUbound=0x118d228) returned 0x0 [0167.456] SafeArrayGetElemsize (psa=0x12523f0) returned 0x8 [0167.457] SafeArrayGetElement (in: psa=0x12523f0, rgIndices=0x118d118, pv=0x118d120 | out: pv=0x118d120) returned 0x0 [0167.457] memcpy (in: _Dst=0x118d128, _Src=0x12811e0, _Size=0x8 | out: _Dst=0x118d128) returned 0x118d128 [0167.458] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1260c20) returned 1 [0167.458] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dddd0) returned 1 [0167.458] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dddd0 [0167.458] SafeArrayGetDim (psa=0x1252af0) returned 0x1 [0167.458] SafeArrayGetLBound (in: psa=0x1252af0, nDim=0x1, plLbound=0x118d260 | out: plLbound=0x118d260) returned 0x0 [0167.458] SafeArrayGetUBound (in: psa=0x1252af0, nDim=0x1, plUbound=0x118d280 | out: plUbound=0x118d280) returned 0x0 [0167.458] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x28) returned 0x1260da0 [0167.458] SafeArrayGetDim (psa=0x1252af0) returned 0x1 [0167.458] SafeArrayGetUBound (in: psa=0x1252af0, nDim=0x1, plUbound=0x118d228 | out: plUbound=0x118d228) returned 0x0 [0167.458] SafeArrayGetElemsize (psa=0x1252af0) returned 0x4 [0167.459] SafeArrayGetElement (in: psa=0x1252af0, rgIndices=0x118d120, pv=0x118d170 | out: pv=0x118d170) returned 0x0 [0167.459] SafeArrayGetElement (in: psa=0x1252af0, rgIndices=0x118d120, pv=0x118d170 | out: pv=0x118d170) returned 0x0 [0167.459] memcpy (in: _Dst=0x118d128, _Src=0x1280fe0, _Size=0x4 | out: _Dst=0x118d128) returned 0x118d128 [0167.460] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1260da0) returned 1 [0167.460] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dddd0) returned 1 [0167.462] _wtol (_String="1659538871") returned 1659538871 [0167.462] _wtol (_String="1659535271") returned 1659535271 [0167.466] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dd4d0 [0167.467] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dd4d0) returned 1 [0167.467] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dc6d0 [0167.468] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dc6d0) returned 1 [0167.468] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dcd50 [0167.468] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dcd50) returned 1 [0167.470] GetProcessHeap () returned 0x4e0000 [0167.470] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x1c0) returned 0x5c9e10 [0167.470] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x5c9e10, SizePointer=0x118d0c0*=0x1c0 | out: AdapterAddresses=0x5c9e10*(Alignment=0x0, Length=0x0, IfIndex=0x0, Next=0x0, AdapterName=0x0, FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix=0x0, Description=0x0, FriendlyName=0x0, PhysicalAddress=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x0, Flags=0x0, DdnsEnabled=0x0, RegisterAdapterSuffix=0x0, Dhcpv4Enabled=0x0, ReceiveOnly=0x0, NoMulticast=0x0, Ipv6OtherStatefulConfig=0x0, NetbiosOverTcpipEnabled=0x0, Ipv4Enabled=0x0, Ipv6Enabled=0x0, Ipv6ManagedAddressConfigurationSupported=0x0, Mtu=0x0, IfType=0x0, OperStatus=0x0, Ipv6IfIndex=0x0, ZoneIndices=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0), FirstPrefix=0x0, TransmitLinkSpeed=0x0, ReceiveLinkSpeed=0x0, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0x0, Ipv6Metric=0x0, Luid=0x0, Dhcpv4Server.lpSockaddr=0x0, Dhcpv4Server.iSockaddrLength=0, CompartmentId=0x0, NetworkGuid=0x0, ConnectionType=0x0, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0x0, Dhcpv6Iaid=0x0, FirstDnsSuffix=0x0), SizePointer=0x118d0c0*=0x9a8) returned 0x6f [0167.474] GetProcessHeap () returned 0x4e0000 [0167.475] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5c9e10) returned 1 [0167.475] GetProcessHeap () returned 0x4e0000 [0167.475] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x9a8) returned 0x1291e60 [0167.475] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x1291e60, SizePointer=0x118d0c0*=0x9a8 | out: AdapterAddresses=0x1291e60*(Alignment=0x6000001c0, Length=0x1c0, IfIndex=0x6, Next=0x12920d0, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x9, [2]=0x6f, [3]=0x78, [4]=0xf0, [5]=0xa, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0x1292020*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x118d0c0*=0x9a8) returned 0x0 [0167.479] GetProcessHeap () returned 0x4e0000 [0167.479] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1291e60) returned 1 [0167.482] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.482] LoadLibraryExA (lpLibFileName="DNSAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa11800000 [0167.487] GetProcAddress (hModule=0x7ffa11800000, lpProcName="DnsQueryConfigAllocEx") returned 0x7ffa11806cf0 [0167.488] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d4f0 | out: lpflOldProtect=0x118d4f0*=0x4) returned 1 [0167.488] DnsQueryConfigAllocEx () returned 0x1290980 [0167.495] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.495] GetProcAddress (hModule=0x7ffa11800000, lpProcName="DnsFreeConfigStructure") returned 0x7ffa1183c9a0 [0167.495] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d4f0 | out: lpflOldProtect=0x118d4f0*=0x4) returned 1 [0167.495] DnsFreeConfigStructure () returned 0x1 [0167.496] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc5b7f20 | out: lpflOldProtect=0x7ff9fc5b7f20*=0x2) returned 1 [0167.496] GetProcAddress (hModule=0x7ffa11800000, lpProcName="DnsQueryConfigDword") returned 0x7ffa11806bc0 [0167.497] VirtualProtect (in: lpAddress=0x7ff9fc5ca000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0x118d4f0 | out: lpflOldProtect=0x118d4f0*=0x4) returned 1 [0167.497] DnsQueryConfigDword () returned 0x1 [0167.497] DnsQueryConfigDword () returned 0x0 [0167.498] malloc (_Size=0x18) returned 0xdb6490 [0167.499] SafeArrayPutElement (psa=0x1252130, rgIndices=0x118d280, pv=0x4f8b78) returned 0x0 [0167.499] free (_Block=0xdb6490) [0167.500] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dd4d0 [0167.500] SafeArrayGetDim (psa=0x1252130) returned 0x1 [0167.500] SafeArrayGetLBound (in: psa=0x1252130, nDim=0x1, plLbound=0x118d300 | out: plLbound=0x118d300) returned 0x0 [0167.500] SafeArrayGetUBound (in: psa=0x1252130, nDim=0x1, plUbound=0x118d320 | out: plUbound=0x118d320) returned 0x0 [0167.500] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x28) returned 0x1260aa0 [0167.500] SafeArrayGetDim (psa=0x1252130) returned 0x1 [0167.500] SafeArrayGetUBound (in: psa=0x1252130, nDim=0x1, plUbound=0x118d2c8 | out: plUbound=0x118d2c8) returned 0x0 [0167.500] SafeArrayGetElemsize (psa=0x1252130) returned 0x8 [0167.500] SafeArrayGetElement (in: psa=0x1252130, rgIndices=0x118d1b8, pv=0x118d1c0 | out: pv=0x118d1c0) returned 0x0 [0167.500] memcpy (in: _Dst=0x118d1c8, _Src=0x12810d0, _Size=0x8 | out: _Dst=0x118d1c8) returned 0x118d1c8 [0167.501] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1260aa0) returned 1 [0167.501] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dd4d0) returned 1 [0167.501] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x78) returned 0x5dcd50 [0167.501] SafeArrayGetDim (psa=0x1252730) returned 0x1 [0167.501] SafeArrayGetLBound (in: psa=0x1252730, nDim=0x1, plLbound=0x118d300 | out: plLbound=0x118d300) returned 0x0 [0167.501] SafeArrayGetUBound (in: psa=0x1252730, nDim=0x1, plUbound=0x118d320 | out: plUbound=0x118d320) returned 0x0 [0167.501] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x28) returned 0x12611c0 [0167.501] SafeArrayGetDim (psa=0x1252730) returned 0x1 [0167.502] SafeArrayGetUBound (in: psa=0x1252730, nDim=0x1, plUbound=0x118d2c8 | out: plUbound=0x118d2c8) returned 0x0 [0167.502] SafeArrayGetElemsize (psa=0x1252730) returned 0x8 [0167.503] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x12611c0) returned 1 [0167.503] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x5dcd50) returned 1 [0167.509] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0167.509] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0167.509] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{E96D977E-F067-4CE9-924D-F6E0A04729E4}", IfIndex=0x118d980 | out: IfIndex=0x118d980) returned 0x0 [0167.510] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0167.511] free (_Block=0xdb20a0) [0167.512] free (_Block=0xdb1ce0) [0167.513] free (_Block=0xdb1c40) [0167.513] free (_Block=0xdb1d30) [0167.514] free (_Block=0xdb1bf0) [0167.514] free (_Block=0xdb6980) [0167.515] free (_Block=0xdb69b0) [0167.515] free (_Block=0xdb6a10) [0167.516] free (_Block=0xdb04d0) [0167.516] free (_Block=0xdb6b30) [0167.517] free (_Block=0xdb6da0) [0167.517] free (_Block=0xdb0690) [0167.518] free (_Block=0xdb0850) [0167.518] free (_Block=0xdb6b90) [0167.518] free (_Block=0xdb6b60) [0167.519] free (_Block=0xdb6ad0) [0167.519] free (_Block=0xdb75e0) [0167.560] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x4) returned 0x12812d0 [0167.560] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x12812d0, pulNumLanguages=0x118e1c0 | out: pulNumLanguages=0x118e1c0) returned 1 [0167.560] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x12812d0) returned 1 [0167.560] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1281080) returned 1 [0174.512] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0174.750] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0174.866] RtlRestoreLastWin32Error () returned 0x385000 [0174.866] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x118e010) returned 1 [0174.866] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x12812c0 [0174.866] RtlRestoreLastWin32Error () returned 0x385000 [0174.866] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x12812c0, pcchLanguagesBuffer=0x118e010 | out: pulNumLanguages=0x118e118, pwszLanguagesBuffer=0x12812c0, pcchLanguagesBuffer=0x118e010) returned 1 [0174.866] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x8) returned 0x12812a0 [0174.866] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x12812c0) returned 1 [0174.866] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x14) returned 0x555e90 [0174.866] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x555e90, pulNumLanguages=0x118e118 | out: pulNumLanguages=0x118e118) returned 1 [0174.866] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x555e90) returned 1 [0174.870] malloc (_Size=0x600) returned 0xdb79b0 [0174.870] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x118d7f8 | out: Buffer=0x0, ReturnedLength=0x118d7f8) returned 0 [0174.870] GetLastError () returned 0x7a [0174.870] malloc (_Size=0x250) returned 0xdb5c50 [0174.870] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xdb5c50, ReturnedLength=0x118d7f8 | out: Buffer=0xdb5c50, ReturnedLength=0x118d7f8) returned 1 [0174.870] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0174.870] GetMaximumProcessorGroupCount () returned 0x1 [0174.870] malloc (_Size=0x40) returned 0xdb1ec0 [0174.871] malloc (_Size=0x40) returned 0xdb1b00 [0174.871] malloc (_Size=0x8) returned 0xdb5bc0 [0174.871] memcpy (in: _Dst=0xdb1ec0, _Src=0xdb5c70, _Size=0x10 | out: _Dst=0xdb1ec0) returned 0xdb1ec0 [0174.872] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0174.872] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x118d7f0, InputBufferLength=0x2, OutputBuffer=0xdb79b0, OutputBufferLength=0x60 | out: OutputBuffer=0xdb79b0) returned 0x0 [0174.872] _vsnwprintf (in: _Buffer=0x118d690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x118cf88 | out: _Buffer="CPU0") returned 4 [0174.873] GetCurrentThread () returned 0xfffffffffffffffe [0174.873] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x118cee0, PreviousGroupAffinity=0x118cef0 | out: PreviousGroupAffinity=0x118cef0) returned 1 [0174.873] GetSystemInfo (in: lpSystemInfo=0x118d020 | out: lpSystemInfo=0x118d020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0174.873] mbstowcs (in: _Dest=0x118d2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0174.873] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0174.880] mbstowcs (in: _Dest=0x118d118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0174.880] GetCurrentThread () returned 0xfffffffffffffffe [0174.880] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x118cef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0174.885] LoadStringW (in: hInstance=0x7ff9fc400000, uID=0x2c, lpBuffer=0x118ccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0174.929] malloc (_Size=0x35140) returned 0xdbb2e0 [0174.942] _wtoi (_String="238") returned 238 [0174.942] _wtoi (_String="6") returned 6 [0174.942] _itow (in: _Dest=0x0, _Radix=18404800 | out: _Dest=0x0) returned="0" [0174.942] _itow (in: _Dest=0xee, _Radix=18403088 | out: _Dest=0xee) returned="238" [0174.942] malloc (_Size=0x4000) returned 0xdf0430 [0174.943] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdf0430, lpcbData=0x118cee4*=0x4000 | out: lpType=0x0, lpData=0xdf0430*=0x50, lpcbData=0x118cee4*=0x600) returned 0x0 [0174.944] free (_Block=0xdf0430) [0174.944] Sleep (dwMilliseconds=0x3e8) [0175.969] _itow (in: _Dest=0xee, _Radix=18403088 | out: _Dest=0xee) returned="238" [0175.969] malloc (_Size=0x4000) returned 0xdf0430 [0175.969] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdf0430, lpcbData=0x118cee4*=0x4000 | out: lpType=0x0, lpData=0xdf0430*=0x50, lpcbData=0x118cee4*=0x600) returned 0x0 [0175.970] free (_Block=0xdf0430) [0175.973] free (_Block=0xdbb2e0) [0175.980] _vsnwprintf (in: _Buffer=0x118d5c0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x118cf88 | out: _Buffer="0F8BFBFF00050654") returned 16 [0175.982] lstrlenW (lpString=" 0") returned 2 [0175.982] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0175.983] lstrlenW (lpString="") returned 0 [0175.983] lstrlenW (lpString="") returned 0 [0175.984] lstrlenW (lpString="") returned 0 [0175.987] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1 [0175.988] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1 [0175.989] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0175.989] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0175.989] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0175.989] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0175.989] _vsnwprintf (in: _Buffer=0x118d880, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x118d7c8 | out: _Buffer="CPU0") returned 4 [0175.991] free (_Block=0xdb5bc0) [0175.991] free (_Block=0xdb1b00) [0175.991] free (_Block=0xdb1ec0) [0175.992] free (_Block=0xdb5c50) [0175.992] free (_Block=0xdb79b0) [0176.001] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x4) returned 0x1281210 [0176.001] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1281210, pulNumLanguages=0x118e1c0 | out: pulNumLanguages=0x118e1c0) returned 1 [0176.002] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x1281210) returned 1 [0176.002] RtlFreeHeap (HeapHandle=0x4e0000, Flags=0x0, BaseAddress=0x12812a0) returned 1 Thread: id = 100 os_tid = 0x1190 Thread: id = 101 os_tid = 0x118c [0169.728] DllCanUnloadNow () returned 0x1 [0289.742] DllCanUnloadNow () returned 0x1 Thread: id = 102 os_tid = 0x1184 Thread: id = 103 os_tid = 0x1178 Thread: id = 104 os_tid = 0x1174 Thread: id = 105 os_tid = 0x116c Thread: id = 106 os_tid = 0x1150 Thread: id = 125 os_tid = 0x11f8 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x3a8a000" os_pid = "0x4b4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xe], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 888 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 889 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 890 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 891 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 892 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 893 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 894 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 895 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 896 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 897 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 898 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 899 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 900 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 901 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 902 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 903 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 904 start_va = 0x470000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 905 start_va = 0x5f0000 end_va = 0x777fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 906 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 907 start_va = 0x7b0000 end_va = 0xae6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 908 start_va = 0xaf0000 end_va = 0xc70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 909 start_va = 0xc80000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 910 start_va = 0xd40000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 911 start_va = 0xdc0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 912 start_va = 0xec0000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 913 start_va = 0xf40000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 914 start_va = 0xfc0000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 915 start_va = 0x1040000 end_va = 0x10bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 916 start_va = 0x10c0000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 917 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 918 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 919 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 920 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 921 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 922 start_va = 0x7ff7aedf0000 end_va = 0x7ff7aee6ffff monitored = 0 entry_point = 0x7ff7aee05f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 923 start_va = 0x7ff9fc0d0000 end_va = 0x7ff9fc11cfff monitored = 0 entry_point = 0x7ff9fc0db470 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 924 start_va = 0x7ff9fc120000 end_va = 0x7ff9fc144fff monitored = 1 entry_point = 0x7ff9fc135dc0 region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 925 start_va = 0x7ff9fdfe0000 end_va = 0x7ff9fe01cfff monitored = 1 entry_point = 0x7ff9fdfeb760 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 926 start_va = 0x7ffa07ad0000 end_va = 0x7ffa07ae5fff monitored = 0 entry_point = 0x7ffa07ad55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 927 start_va = 0x7ffa07c90000 end_va = 0x7ffa07cb4fff monitored = 0 entry_point = 0x7ffa07c99900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 928 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 929 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 930 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 931 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 1 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 932 start_va = 0x7ffa0e8a0000 end_va = 0x7ffa0e903fff monitored = 0 entry_point = 0x7ffa0e8b5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 933 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 934 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 935 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 936 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 937 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 938 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 939 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 940 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 941 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 942 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 943 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 944 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 945 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 946 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 947 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 948 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 949 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 950 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 107 os_tid = 0xb0c Thread: id = 108 os_tid = 0xabc Thread: id = 109 os_tid = 0x870 [0146.712] DllCanUnloadNow () returned 0x1 [0146.712] DllCanUnloadNow () returned 0x1 [0266.741] DllCanUnloadNow () returned 0x1 [0266.741] DllCanUnloadNow () returned 0x1 Thread: id = 110 os_tid = 0x85c Thread: id = 111 os_tid = 0x868 Thread: id = 112 os_tid = 0x864 Thread: id = 113 os_tid = 0x86c Thread: id = 114 os_tid = 0x17c Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x510bc000" os_pid = "0x390" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c87e" [0xc000000f], "LOCAL" [0x7] Region: id = 1945 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1946 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1947 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1948 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1949 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1950 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1951 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1952 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1953 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1954 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1955 start_va = 0x1e0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1956 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1957 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1958 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1959 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1960 start_va = 0x550000 end_va = 0x556fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1961 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1962 start_va = 0x570000 end_va = 0x576fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1963 start_va = 0x580000 end_va = 0x5e3fff monitored = 0 entry_point = 0x595ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1964 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1965 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1966 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1967 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 1968 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 1969 start_va = 0xb20000 end_va = 0xb20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 1970 start_va = 0xb30000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 1971 start_va = 0xba0000 end_va = 0xc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 1972 start_va = 0xc20000 end_va = 0xc26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 1973 start_va = 0xc30000 end_va = 0xcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 1974 start_va = 0xcb0000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 1975 start_va = 0xcd0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1976 start_va = 0xcf0000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 1977 start_va = 0xd00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 1978 start_va = 0xf00000 end_va = 0xf00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1979 start_va = 0xf10000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1980 start_va = 0x1000000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1981 start_va = 0x1120000 end_va = 0x1126fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 1982 start_va = 0x1130000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 1983 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1984 start_va = 0x1300000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1985 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 1986 start_va = 0x1400000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 1987 start_va = 0x1480000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 1988 start_va = 0x1500000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1989 start_va = 0x1590000 end_va = 0x168ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 1990 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1991 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 1992 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1993 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 1994 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 1995 start_va = 0x1d00000 end_va = 0x2036fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1996 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 1997 start_va = 0x2140000 end_va = 0x221ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1998 start_va = 0x2220000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 1999 start_va = 0x2320000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 2000 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 2001 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2002 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2003 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2004 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2005 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 2006 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 2007 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 2008 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 2009 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 2010 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2011 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2012 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2013 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2014 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 2015 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2016 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2017 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2018 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2019 start_va = 0x7ff681250000 end_va = 0x7ff68125cfff monitored = 0 entry_point = 0x7ff681253980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2020 start_va = 0x7ffa00990000 end_va = 0x7ffa00a17fff monitored = 0 entry_point = 0x7ffa009a4510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2021 start_va = 0x7ffa01290000 end_va = 0x7ffa012c2fff monitored = 0 entry_point = 0x7ffa0129ae20 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2022 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2023 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2024 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2025 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 0 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2026 start_va = 0x7ffa0b7a0000 end_va = 0x7ffa0b7aafff monitored = 0 entry_point = 0x7ffa0b7a1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2027 start_va = 0x7ffa0b7b0000 end_va = 0x7ffa0b7f7fff monitored = 0 entry_point = 0x7ffa0b7ba1e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2028 start_va = 0x7ffa0b8c0000 end_va = 0x7ffa0b91cfff monitored = 0 entry_point = 0x7ffa0b8d2bf0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2029 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2030 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2031 start_va = 0x7ffa0ba70000 end_va = 0x7ffa0ba7dfff monitored = 0 entry_point = 0x7ffa0ba72e50 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 2032 start_va = 0x7ffa0ba80000 end_va = 0x7ffa0bab7fff monitored = 0 entry_point = 0x7ffa0ba868f0 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 2033 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2034 start_va = 0x7ffa0bb30000 end_va = 0x7ffa0bbc8fff monitored = 0 entry_point = 0x7ffa0bb4a090 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 2035 start_va = 0x7ffa0c7c0000 end_va = 0x7ffa0c8cafff monitored = 0 entry_point = 0x7ffa0c802610 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2036 start_va = 0x7ffa0c9c0000 end_va = 0x7ffa0ca2ffff monitored = 0 entry_point = 0x7ffa0c9e2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2037 start_va = 0x7ffa0e910000 end_va = 0x7ffa0eac0fff monitored = 0 entry_point = 0x7ffa0e963690 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2038 start_va = 0x7ffa0eb30000 end_va = 0x7ffa0ec65fff monitored = 0 entry_point = 0x7ffa0eb5f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2039 start_va = 0x7ffa0ed60000 end_va = 0x7ffa0ee27fff monitored = 0 entry_point = 0x7ffa0eda13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2040 start_va = 0x7ffa0f0a0000 end_va = 0x7ffa0f0e9fff monitored = 0 entry_point = 0x7ffa0f0aac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 2041 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2042 start_va = 0x7ffa0ff00000 end_va = 0x7ffa0ff08fff monitored = 0 entry_point = 0x7ffa0ff019a0 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2043 start_va = 0x7ffa0ff10000 end_va = 0x7ffa0ff1afff monitored = 0 entry_point = 0x7ffa0ff11cd0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2044 start_va = 0x7ffa0ff30000 end_va = 0x7ffa0ff47fff monitored = 0 entry_point = 0x7ffa0ff35910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2045 start_va = 0x7ffa11220000 end_va = 0x7ffa113a5fff monitored = 0 entry_point = 0x7ffa1126d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2046 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2047 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2048 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2049 start_va = 0x7ffa11b10000 end_va = 0x7ffa11b41fff monitored = 0 entry_point = 0x7ffa11b22340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2050 start_va = 0x7ffa11d90000 end_va = 0x7ffa11db3fff monitored = 0 entry_point = 0x7ffa11d93260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2051 start_va = 0x7ffa11f30000 end_va = 0x7ffa12023fff monitored = 0 entry_point = 0x7ffa11f3a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2052 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2053 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2054 start_va = 0x7ffa124f0000 end_va = 0x7ffa1250efff monitored = 0 entry_point = 0x7ffa124f5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2055 start_va = 0x7ffa12660000 end_va = 0x7ffa126bbfff monitored = 0 entry_point = 0x7ffa12676f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2056 start_va = 0x7ffa12830000 end_va = 0x7ffa1283afff monitored = 0 entry_point = 0x7ffa128319a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2057 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2058 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2059 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2060 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2061 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2062 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2063 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2064 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2065 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2066 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2067 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2068 start_va = 0x7ffa133e0000 end_va = 0x7ffa13465fff monitored = 0 entry_point = 0x7ffa133ed8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2069 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2070 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2071 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2072 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2073 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2074 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2075 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2076 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2077 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2078 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2079 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2080 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2081 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2082 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 135 os_tid = 0xc68 Thread: id = 136 os_tid = 0xc7c Thread: id = 137 os_tid = 0xc98 Thread: id = 138 os_tid = 0x13dc Thread: id = 139 os_tid = 0x230 Thread: id = 140 os_tid = 0x830 Thread: id = 141 os_tid = 0xbb4 Thread: id = 142 os_tid = 0xbc4 Thread: id = 143 os_tid = 0x478 Thread: id = 144 os_tid = 0x468 Thread: id = 145 os_tid = 0x458 Thread: id = 146 os_tid = 0x450 Thread: id = 147 os_tid = 0x44c Thread: id = 148 os_tid = 0x434 Thread: id = 149 os_tid = 0x42c Thread: id = 150 os_tid = 0x8 Thread: id = 151 os_tid = 0x348 Thread: id = 152 os_tid = 0x324 Thread: id = 153 os_tid = 0x2f4 Thread: id = 154 os_tid = 0x2e8 Thread: id = 155 os_tid = 0x174 Thread: id = 156 os_tid = 0x284 Thread: id = 157 os_tid = 0x394